The file role_mapping.yml is not loaded or used

cglencr · October 21, 2019, 4:11pm

I am attempting to use the Active Directory realm for authentication via Kibana. But believe I have the format for a AD account wrong. I am using the distinguished name but think for individual users it is not what I should use.

I have updated the role_mapping.yml file as:

      superuser:
        - "CN=Lastname\, First,OU=TheOU,DC=ad,DC=company,DC=com"

Restart the ES service.
I can then login with my AD account but receive this message:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

cglencr · October 21, 2019, 5:41pm

I believe the issue is the format of the CN.
My company has it as:
Lastname, First
Which is how special characters like a comma are to be represented. Is this acceptable by ElasticSearch? Because it is the correct format for LDAP or Active Directory.

cglencr · October 24, 2019, 6:39pm

Sorry I meant to say to show a comma in a CN you need to escape as per LDAP rules.
LastName, First
should be valid but it appears ES is not parsing it correctly.

Topic		Replies	Views
Troubles with active directory user authentication Elasticsearch elastic-stack-security	10	2358	November 1, 2021
Authentication against Active Directory Elasticsearch	1	789	February 11, 2020
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}to open kibana with AD authentication Elasticsearch elastic-stack-security	5	6223	February 25, 2020
Roles in role_mapping.yml not assigned to ad user Elasticsearch	3	3298	May 15, 2017
How to get authorized with sAMAcount Elasticsearch	3	818	December 4, 2016

The file role_mapping.yml is not loaded or used

Related topics