Hi Everyone,
I stuck on an issue connection Kibana and Elasticsearch with Shield.
Shield version is 2.4
Kibana version is 4.6.1
Elasticsearch version is 2.4
I have configured an ldap for authentication in elasticsearch.
From now, I can see I error when I try to log into kibana with a user:
[security_exception] action [cluster:monitor/nodes/info] is unauthorized for user [kibana-server]
In ElasticSearch logs I have:
[2016-11-28 15:48:34,746][DEBUG][indices.cluster ] [node_serverlog] [logstash-2016.11.22] adding mapping [logs] (source suppressed due to length, use TRACE level if needed)
[2016-11-28 15:48:34,761][DEBUG][shield.authc.support ] [node_serverlog] the roles [[]], are mapped from these [ldap] groups [[]] for realm [ldap/ldap1]
[2016-11-28 15:48:34,762][DEBUG][shield.authc.support ] [node_serverlog] the roles [[]], are mapped from the user [ldap] for realm [uid=kibana-server,ou=xxxx,ou=yyyyyy,ou=zzzzzz,dc=exemple,dc=com/ldap]
[2016-11-28 15:48:34,779][DEBUG][shield.authc.ldap ] [node_serverlog] authenticated user [kibana-server], with roles [[]]
[2016-11-28 15:48:34,796][DEBUG][netty.handler.ssl.SslHandler] Failed to clean up SSLEngine.
In Kibana logs I have:
{"type":"log","@timestamp":"2016-11-28T14:48:21Z","tags":["error","elasticsearch"],"pid":573,"message":"Request error, retrying -- connect ECONNREFUSED 192.116.9.16:9200"}
{"type":"log","@timestamp":"2016-11-28T14:48:21Z","tags":["status","plugin:elasticsearch@1.0.0","error"],"pid":573,"state":"red","message":"Status changed from red to red - Unable to connect to Elasticsearch at https://node:9200.","prevState":"red","prevMsg":"[security_exception] action [cluster:monitor/nodes/info] is unauthorized for user [kibana-server]"}
{"type":"log","@timestamp":"2016-11-28T14:48:34Z","tags":["status","plugin:elasticsearch@1.0.0","error"],"pid":573,"state":"red","message":"Status changed from red to red - [security_exception] action [cluster:monitor/nodes/info] is unauthorized for user [kibana-server]","prevState":"red","prevMsg":"Unable to connect to Elasticsearch at https://oslxlog22.sogecap.socgen:9200."}
Is this a SSL issue or a role mapping issue? I'm a bit lost...
I thank you for any help anyone can give me on this issue...
Best Regards,
Del