The file role_mapping.yml is not loaded or used

cglencr · October 21, 2019, 4:11pm

I am attempting to use the Active Directory realm for authentication via Kibana. But believe I have the format for a AD account wrong. I am using the distinguished name but think for individual users it is not what I should use.

I have updated the role_mapping.yml file as:

      superuser:
        - "CN=Lastname\, First,OU=TheOU,DC=ad,DC=company,DC=com"

Restart the ES service.
I can then login with my AD account but receive this message:
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

cglencr · October 21, 2019, 5:41pm

I believe the issue is the format of the CN.
My company has it as:
Lastname, First
Which is how special characters like a comma are to be represented. Is this acceptable by ElasticSearch? Because it is the correct format for LDAP or Active Directory.

cglencr · October 24, 2019, 6:39pm

Sorry I meant to say to show a comma in a CN you need to escape as per LDAP rules.
LastName, First
should be valid but it appears ES is not parsing it correctly.

system · November 21, 2019, 6:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory Role Mapping in the role_mapping.yml file Elasticsearch	2	1009	May 31, 2018
LDAP role_mapping don't work...? Elasticsearch	3	750	August 10, 2017
Document level Security Elasticsearch	11	1069	April 25, 2017
Authentication against Active Directory Elasticsearch	2	732	March 10, 2020
Shield/ldap integration Elasticsearch elastic-stack-security	2	1084	December 26, 2016

The file role_mapping.yml is not loaded or used

Related topics