Multiple realms not working

security

(Bob) #1

I can use an esuser realm or an active_directory realm to authenticate my users, but I can't use both. When I add the following to my elasticsearch.yml file, the service won't start and it dies before writing to the log file. Does anyone see anything wrong with this? (From the end of my elasticsearch.yml file)
shield.ssl.keystore.path: /etc/elasticsearch/shield/node01.jks
shield.ssl.keystore.password:
shield:
  authc:
    realms:
      active_directory:
        type: active_directory
        order: 0
        domain_name:
        url: ldaps://:636
        unmapped_groups_as_roles: true
      esusers:
        type: esusers
        order: 1


(Bob) #2

User error... I THOUGHT AD was working, but alas it is not...


(Steve Kearns) #3

It can sometimes be tricky to configure AD or LDAP integration.

If you want more logging of the connection to AD, you can add shield.authc: DEBUG to the logging.yml configuration file in CONFIG_DIR.

