Problems after trying to setup realms

rugenl · March 13, 2019, 11:17pm

On elasticsearch 6.6.1, we were trying to add a realm for our active directory environment.

We first added something similar to this:

xpack:
security:
authc:
realms:
native1:
type: native
order: 0
ldap1:
type: ldap
order: 1
url: "ldaps://ldap.sanitized.edu:3269"
.....snip.....

Pretty much per the example, just changing our environment. We configured role_mapping.yml, started elasticsearch but got this error....

parsed [0] roles from file [/etc/elasticsearch/roles.yml]

After some stumbles, we realized we should be using the active_directory type, so we changed the elasticsearch.yml to:

xpack:
security:
authc:
realms:
native1:
type: native
order: 0
active_directory:
type: active_directory
order: 1
domain_name: also.sanitized.edu
url: "ldaps://ldap.sanitized.edu:3269"
bind_dn: our_bind_guy@sanitized.edu

Now we get errors like:

missing realm type [xpack.security.authc.realms.ldap1.type] for realm

That is confusing, the string "ldap1" exists nowhere in /etc/elasticsearch, verified by grep. Has elasticsearch saved some of this bad realm info in it's database?

We are stuck, we're going to move to a more expendable stack and start over, but I would like to get this stack back if possible.

Thanks.

TimV · March 13, 2019, 11:30pm

Can you please format Yaml as a code block (the </> button) rather than a block quote.
Whitespace is important in Yaml and it's impossible to know what your config looks like if the space is stripped.

That's not an error. The bit of the log that you stripped off from the beginnning says that it is an INFO message.

[2019-03-13T12:34:56,789][INFO ][o.e.x.s.a.s.FileRolesStore] [node01] parsed [0] roles from file [/etc/elasticsearch/roles.yml]

Info messages are helpful for diagnosing problems when something goes wrong, but you shouldn't read them as a sign that there's a problem.

Check your keystore:

bin/elasticsearch-keystore list

rugenl · March 14, 2019, 1:34am

OK, this is the fix

elasticsearch-keystore remove xpack.security.authc.realms.ldap1.secure_bind_password

I knew we left it in there, I just guessed it wouldn't be referenced.

Thanks

system · April 11, 2019, 1:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory configuration issue Elasticsearch	2	365	September 6, 2019
Post LDAP setting in elasticsearch.yml file, error seen in elasticsearch launch Elasticsearch elastic-stack-security	3	1478	June 10, 2020
Configuring x-pack and active directory Elasticsearch	4	2020	March 23, 2018
X-Pack LDAP testing Elasticsearch	4	5802	May 31, 2017
Trouble with Active D authentication settings Elasticsearch elastic-stack-security	5	391	May 17, 2019

Problems after trying to setup realms

Related topics