Post LDAP setting in elasticsearch.yml file, error seen in elasticsearch launch

Elastic Stack Elasticsearch
1

Hi Team

I have added LDAP setting in elasticsearch.yml file and post which if i launch elasticsearch I get below error.

---------------------------------- Various -----------------------------------

Require explicit names when deleting indices:

#action.destructive_requires_name: true

#---------------------LDAP setting----------------------------------------------
xpack.security:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldaps://ldap:636"
bind_dn: "ou=a,dc=b,dc=c,dc=d,dc=e"
bind_password: xxxxxx"
user_search:
base_dn: "dc=b,dc=c,dc=d,dc=e"
filter: "(cn={0})"
group_search:
base_dn: "dc=b,dc=c,dc=d,dc=e"
files:
role_mapping: "ES_PATH_CONF/x-pack/role_mapping.yml"
unmapped_groups_as_roles: false

Error detail:
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.security.Security]
Likely root cause: java.lang.IllegalArgumentException: Incorrect realm settings found. Realm settings have been changed to include the type as part of the setting key.
For example 'xpack.security.authc.realms.file.my_file.order'
Found invalid config: xpack.security.authc.realms.ldap1.type, xpack.security.authc.realms.ldap, xpack.security.authc.realms.ldap1.bind_password, xpack.security.authc.realms.ldap1.order, xpack.security.authc.realms.ldap1.bind_dn, xpack.security.authc.realms.ldap1.url, xpack.security.authc.realms.ldap1.unmapped_groups_as_roles
Please see the breaking changes documentation.

2

Hi @lisha7 - Welcome to our community forums!

There are some invalid settings in your configuration. For example, type is not a valid setting. You may want to check an example of LDAP configuration in our documentation.

I hope that helps.

3

Thanks Romain.

I have given valid setting as per the documentation,
xpack.security.http.ssl.verification_mode: certificate
xpack.security.authc.token.enabled: true
xpack.security.authc.realms:
ldap.ldap1:
order: 2
url: "ldaps://SERVER_IP:636"
user_search:
base_dn: "dc=example,dc=com"
attribute: cn
group_search:
base_dn: "ou=groups,dc=example,dc=com"
ssl:
verification_mode: certificate
truststore:
path: "/app/config/truststore/keystore.ks"
password: "PASSWORD"
files:
role_mapping: "/app/config/mappings/role-mappings.yml"
unmapped_groups_as_roles: false

I see below error,
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.security.Security]
Likely root cause: java.lang.IllegalArgumentException: Incorrect realm settings found. Realm settings have been changed to include the type as part of the setting key.
For example 'xpack.security.authc.realms.file.my_file.order'
Found invalid config: xpack.security.authc.realms.ldap
Please see the breaking changes documentation.