LDAP role_mapping doesn't work...?

ES/Logstash/Kibana version: 5.4.1

I have configured LDAP and it works; I can also log in with a user in LDAP.
But there is no permission to access anything, so I configured the role_mapping file as the official guide says.

https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html#ldap-role-mapping

But the role_mapping does not work. Did I miss something, or is something wrong?

Here is my configuration:

```yaml
# vim /etc/elasticsearch/elasticsearch.yml
xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          order: 0
          url: "ldap://192.168.2.164:389"
          user_dn_templates:
            - "uid={0},ou=Users,dc=beijing,dc=op"
          group_search:
            base_dn: "dc=beijing,dc=op"
          files:
            role_mapping: "/etc/elasticsearch/x-pack/role_mapping.yml"
          unmapped_groups_as_roles: false
```

```yaml
# vim /etc/elasticsearch/x-pack/role_mapping.yml
superuser:
  - "uid=shengyongp,ou=User,dc=beijing,dc=op"
```

It appears you have a typo in your mapping file.
Your user_dn_templates is using ou=Users but your role-mapping file is using ou=User.
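
A mismatch like the one pointed out above can be caught mechanically before restarting the node. The following Python check is an added example, not part of the original thread or of X-Pack: the function names are hypothetical, the DN parsing is simplified (no escaped commas, case-insensitive comparison), and the group DN in the sample data is constructed.

```python
# Added example: flag role_mapping.yml user DNs that no user_dn_templates entry can produce.
# Simplified DN handling (assumption): no escaped commas, no multi-valued RDNs,
# case-insensitive comparison.

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def diff_against_template(mapped_dn, template):
    """Return RDN differences as (mapped, expected) pairs.

    [] means the template can produce this DN. None means the DN is not
    comparable (different depth or leaf attribute, e.g. a group DN).
    """
    dn, tpl = parse_dn(mapped_dn), parse_dn(template)
    if len(dn) != len(tpl) or dn[0][0] != tpl[0][0]:
        return None
    diffs = []
    for (d_attr, d_val), (t_attr, t_val) in zip(dn, tpl):
        if t_val == "{0}":          # placeholder RDN: any username matches
            continue
        if (d_attr, d_val) != (t_attr, t_val):
            diffs.append((f"{d_attr}={d_val}", f"{t_attr}={t_val}"))
    return diffs

def audit(role_mapping, templates):
    """List (role, dn, differences) for user DNs that match no template."""
    findings = []
    for role, dns in role_mapping.items():
        for dn in dns:
            results = [diff_against_template(dn, t) for t in templates]
            comparable = [r for r in results if r is not None]
            if comparable and [] not in comparable:
                findings.append((role, dn, min(comparable, key=len)))
    return findings

# Values from the thread, plus one constructed group DN to show it is skipped.
TEMPLATES = ["uid={0},ou=Users,dc=beijing,dc=op"]
ROLE_MAPPING = {
    "superuser": [
        "uid=shengyongp,ou=User,dc=beijing,dc=op",
        "cn=admins,ou=Groups,dc=beijing,dc=op",  # constructed sample
    ],
}

if __name__ == "__main__":
    for role, dn, diffs in audit(ROLE_MAPPING, TEMPLATES):
        print(f"{role}: {dn} matches no user_dn_templates entry; differs at {diffs}")
```

Entries whose leaf attribute differs from the template's (such as group DNs) are skipped rather than reported, since role_mapping.yml may legitimately list them.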

Resolved. Thanks a lot! :smiley:
