SOLVED: Issue in LDAP group authentication (Shield):

dn: cn=,ou=group,dc=company,dc=com
member: uid=,ou=People,dc=company,dc=com
memberUid:
gidNumber:
objectClass: posixGroup
objectClass: top
objectClass: groupOfNames
cn:

dn: uid=testuser,ou=People,dc=company,dc=com
userPassword: XXXX
loginShell: /bin/bash
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
gidNumber: xxxx
uid: testuser
uidNumber: xxxxxxx

This seems odd as the DN, objectClass, and memberUid attributes in the group search filter look correct to me.

group_search:
  base_dn: "ou=group,dc=company,dc=com"
  filter: "(&(objectClass=posixGroup)(memberUid={0}))"
  user_attribute: "uid"

Maybe you could try with member as that seems to list the DN of the user:

group_search:
  base_dn: "ou=group,dc=company,dc=com"
  filter: "(&(objectClass=posixGroup)(member={0}))"

Same error for the group added in role_mapping:
- "cn=SuperUsers,ou=group,dc=company,dc=com"

[2016-05-27 15:20:55,913][DEBUG][shield.authc.support ] the roles [[]], are mapped from these [ldap] groups [[]] for realm [ldap/ldap1]
[2016-05-27 15:20:55,913][DEBUG][shield.authc.support ] the roles [[]], are mapped from the user [ldap] for realm [uid=testuser,ou=People,dc=company,dc=com/ldap]

One more thing: if I add the user in role_mapping and use the first config, then the user is not able to authenticate. But if I remove user_attribute from the config, then the user works:
- "uid=testuser,ou=People,dc=company,dc=com"

User authentication is working for the 2nd config, but not for the group :(
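
A small triage helper for the DEBUG lines quoted above, added here as an example (it is not part of the original thread or of Shield): it separates "group search returned nothing" from "groups found but none matched role_mapping". The first two sample lines are from the thread, the last two are constructed in the same format, and all function, constant and role names are hypothetical.

```python
import re

# Format of the group-mapping DEBUG line quoted in the thread.
GROUP_LINE = re.compile(
    r"the roles \[\[(?P<roles>.*?)\]\], are mapped from these \[[^\]]+\] "
    r"groups \[\[(?P<groups>.*?)\]\] for realm \[(?P<realm>[^\]]+)\]"
)

NO_GROUPS = "group search returned nothing: check group_search base_dn, filter, user_attribute"
UNMAPPED = "groups found but none listed in role_mapping: compare the DNs"
OK = "groups resolved and mapped to roles"

def split_set(body):
    # Assumption: entries are joined with ", " and DNs carry no space after
    # their own commas, as in the thread's log lines.
    return [item for item in body.split(", ") if item]

def triage(line):
    """Return (realm, verdict, groups, roles), or None for unrelated lines."""
    m = GROUP_LINE.search(line)
    if m is None:
        return None
    roles, groups = split_set(m["roles"]), split_set(m["groups"])
    verdict = NO_GROUPS if not groups else UNMAPPED if not roles else OK
    return m["realm"], verdict, groups, roles

PREFIX = "[2016-05-27 15:20:55,913][DEBUG][shield.authc.support ] "
SAMPLES = [
    # From the thread: no groups came back at all.
    PREFIX + "the roles [[]], are mapped from these [ldap] groups [[]] for realm [ldap/ldap1]",
    # From the thread: per-user mapping line, not a group line (ignored).
    PREFIX + "the roles [[]], are mapped from the user [ldap] for realm "
             "[uid=testuser,ou=People,dc=company,dc=com/ldap]",
    # Constructed: group resolved, but its DN is absent from role_mapping.
    PREFIX + "the roles [[]], are mapped from these [ldap] groups "
             "[[cn=SuperUsers,ou=group,dc=company,dc=com]] for realm [ldap/ldap1]",
    # Constructed: group resolved and mapped ("admin" is a made-up role name).
    PREFIX + "the roles [[admin]], are mapped from these [ldap] groups "
             "[[cn=SuperUsers,ou=group,dc=company,dc=com]] for realm [ldap/ldap1]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```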

Issue resolved using usersearch key.

I have the same error. Can you tell me what the usersearch key is, and how to solve that problem?
Thanks!

I am on the same version, v2.3.2. Can you tell me how you solved this issue? Could you give me your elasticsearch.yml, role_mapping, or other useful config text? Thank you very much.

Used the LDAP configuration below to fix this:

shield.ssl.keystore.path:
shield.ssl.keystore.password:

shield:
  authc:
    realms:
      esusers:
        type: esusers
        order: 0
      ldap1:
        type: ldap
        order: 1
        url: ""
        bind_dn: ""
        bind_password:
        user_search:
          base_dn: ""
        group_search:
          base_dn: ""
        files:
          role_mapping: ""

I used the same thing, but the LDAP group doesn't work; only the LDAP user can log in to ES. Is setting up SSL required? Or is there anything I missed?

The logs have a warning: com.unboundid.ldap.sdk.LDAPException: invalid credentials, but I am sure the bind_dn: amind and the password are right to connect to the LDAP server.