Ldap user unable to login after upgrade to 6.6.1

I just upgraded a test cluster and now I'm not able to login as a user which is in an ldap group for superusers.
I'm getting the error below
Error in Browser
{"message":"action [indices:data/read/search] is unauthorized for user [user123]: [security_exception] action [indices:data/read/search] is unauthorized for user [user123]","statusCode":403,"error":"Forbidden"}

I have added a superuser role_mapping in the Elastic API as well as in the /etc/elasticsearch/role_mapping.yml file

"superuser" : {
"enabled" : true,
"roles" : [
"rules" : {
"field" : {
"groups" : "CN=sdlc_elasticsearch_admin,OU=elk,OU=appgroups,OU=accessmgmnt,DC=something,DC=something,DC=com"
"metadata" : { }

Any Ideas how I may resolve this issue?

Hey @Kevin_Comer, which version were you on prior to the upgrade?


Are you seeing that error message directly after logging in to Kibana?

Yes I was getting this directory in the browser after logging and I was just now able to resolve this with a change in my ldap configuration.

My group search base dn changed and this test cluster did not get updated. I corrected this and now Im able to login.

Thank You

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.