Hello,
I have integrated Shield and LDAP. Both of these components are on the same machine (Windows 10). I'm doing this exercise before implementing it in production. Below is the LDAP realm:
shield:
  authc:
    realms:
      ldap1:
        type: ldap
        order: 0
        url: "ldaps://localhost:636"
        bind_dn: "cn=Manager,dc=maxcrc,dc=com"
        bind_password: secret
        user_search:
          base_dn: "dc=maxcrc,dc=com"
          attribute: cn
        group_search:
          base_dn: "dc=maxcrc,dc=com"
        files:
          role_mapping: "E:/elasticsearch/elasticsearch-2.4.0/config/shield/role_mapping.yml"
        unmapped_groups_as_roles: false
I'm not using SSL between LDAP and Shield.
I'm getting this error in the startup logs:
[2016-09-09 15:29:04,403][ERROR][shield.authc.ldap ] [Elysius] unable to create connection pool for realm [ldap1]: An error occurred while attempting to connect to server localhost:636: java.io.IOException: Unable to verify an attempt to to establish a secure connection to 'localhost:636' because an unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
And ultimately it's not getting authenticated from the browser either.
Edit: I changed the realm to this:
shield:
  authc:
    realms:
      ldap1:
        type: ldap
        order: 0
        url: "ldaps://localhost:636"
        user_dn_templates:
          - "cn={0}, ou=users, cn=Manager,dc=maxcrc,dc=com"
        group_search:
          base_dn: "dc=maxcrc,dc=com"
        files:
          role_mapping: "E:/elasticsearch/elasticsearch-2.4.0/config/shield/role_mapping.yml"
        unmapped_groups_as_roles: false
It starts up without any errors, but when I give the LDAP user credentials in the browser, Manager/secret (password), it doesn't authenticate.
Please help.
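
An added example, not part of the original post: a small Python consistency check run over the edited realm above, with its values copied into a dict. It assumes the Manager entry's DN is the `bind_dn` from the first realm and compares DNs in a simplified way; the function names are hypothetical.

```python
from urllib.parse import urlparse

# Edited realm from the post, copied into a dict (only the keys checked here).
REALM_EDITED = {
    "url": "ldaps://localhost:636",
    "user_dn_templates": ["cn={0}, ou=users, cn=Manager,dc=maxcrc,dc=com"],
}
# Assumption: the Manager entry lives at the bind_dn shown in the first realm.
KNOWN_DN = "cn=Manager,dc=maxcrc,dc=com"

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around RDNs.
    Simplified: assumes no escaped commas inside attribute values."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def expand_template(template, login):
    """Build the bind DN a template yields for a login name ({0} placeholder)."""
    return normalize_dn(template.replace("{0}", login))

def check_realm(realm, login, known_dn, tls_intended):
    """Return human-readable findings for one LDAP realm definition."""
    findings = []
    scheme = urlparse(realm["url"]).scheme
    if scheme == "ldaps" and not tls_intended:
        findings.append("url is ldaps:// (TLS) although TLS is not intended")
    elif scheme == "ldap":
        findings.append("url is ldap://: bind credentials travel unencrypted")
    templates = realm.get("user_dn_templates", [])
    candidates = [expand_template(t, login) for t in templates]
    if templates and normalize_dn(known_dn) not in candidates:
        findings.append(
            "no template yields %s for login %r; got %s"
            % (normalize_dn(known_dn), login, candidates)
        )
    return findings

if __name__ == "__main__":
    for finding in check_realm(REALM_EDITED, "Manager", KNOWN_DN, tls_intended=False):
        print("FINDING:", finding)
```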
