LDAP role_mapping don't work...?

KeithTt · July 13, 2017, 11:29am

ES/Logstash/Kibana version: 5.4.1

I have configured LDAP and it works, also I can login with a user in LDAP.
But there is no permission to access anything. So I configure the role_mapping file as the official guide tells.

https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html#ldap-role-mapping

But the role_mapping do not work, do I miss something? or something is wrong?

Here is my configuration:

# vim /etc/elasticsearch/elasticsearch.yml
xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          order: 0
          url: "ldap://192.168.2.164:389"
          user_dn_templates:
            - "uid={0},ou=Users,dc=beijing,dc=op"
          group_search:
            base_dn: "dc=beijing,dc=op"
          files:
            role_mapping: "/etc/elasticsearch/x-pack/role_mapping.yml"
          unmapped_groups_as_roles: false

# vim /etc/elasticsearch/x-pack/role_mapping.yml
superuser:
  - "uid=shengyongp,ou=User,dc=beijing,dc=op"

TimV · July 13, 2017, 12:25pm

It appears you have a typo in your mapping file.
Your user_dn_templates is using ou=Users but your role-mapping file is using ou=User.

KeithTt · July 13, 2017, 7:07pm

Resolved. thanks a lot !

system · August 10, 2017, 7:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mapping LDAP Groups to Roles Elasticsearch	14	4073	March 12, 2018
Having issues mapping roles to users in nested LDAP groups Elasticsearch	7	3502	August 17, 2017
Role Mapping API not working Elasticsearch	4	2529	August 7, 2018
Role_mapping file not able to point users if it does not have full DN Elasticsearch elastic-stack-security	6	635	December 16, 2019
Failed to assign role via role mapping API ldap realm Kibana	1	155	May 26, 2023

LDAP role_mapping don't work...?

Related topics