I have a trial-license Elasticsearch node, and I want to integrate it with Active Directory authentication.
Here's a snippet from my elasticsearch.yml file:

xpack:
  security:
    enabled: true
    transport:
      ssl:
        enabled: true
    authc:
      realms:
        active_directory:
          my_ad:
            order: 1
            domain_name: ad-1dc.com
            url: ldaps://ad-1dc.com:389, ldaps://ad-2dc.com:389, ldaps://ad-3dc.com:389
            ssl:
              certificate_authorities: ["/etc/elasticsearch/certnew.pem"]
            user_search:
              base_dn: "CN=elastic_group,OU=IT,DC=rogaikopita,DC=com"
            group_search:
              base_dn: "CN=elastic_group,OU=IT,DC=rogaikopita,DC=com"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            load_balance:
              type: "round_robin"

But when I log in to Kibana using AD credentials, this error appears:
[2021-10-27T12:33:21,584][WARN ][o.e.x.s.a.AuthenticationService] [elastic-01] Authentication to realm my_ad failed - authenticate failed (Caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ad-1dc.com:389: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'ad-1dc.com:389' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))'))
P.S. I imported the root CA /etc/elasticsearch/certnew.pem into the OS trusted certificates.
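
Added example, not part of the original post: a diagnostic sketch for the realm `url` setting shown above. It flags scheme/port combinations that do not match the conventional LDAP ports and then attempts the same verified TLS handshake an `ldaps://` client would perform against each host. The function names `lint_realm_urls` and `probe_tls` are hypothetical; the URL string and CA path are copied from the question.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Conventional ports: 636 = LDAPS (TLS from the first byte), 389 = LDAP / StartTLS.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def lint_realm_urls(url_setting):
    """Return (parsed_urls, warnings) for a realm's comma-separated `url` value."""
    parsed, warnings = [], []
    for raw in (u.strip() for u in url_setting.split(",") if u.strip()):
        parts = urlsplit(raw)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORT:
            warnings.append(f"{raw}: scheme must be ldap or ldaps")
            continue
        port = parts.port or DEFAULT_PORT[scheme]
        parsed.append((scheme, parts.hostname, port))
        if scheme == "ldaps" and port == 389:
            warnings.append(f"{raw}: ldaps:// on 389, the plain LDAP/StartTLS port")
        elif scheme == "ldap" and port == 636:
            warnings.append(f"{raw}: ldap:// on 636, the LDAPS port")
    if len({s for s, _, _ in parsed}) > 1:
        warnings.append("ldap:// and ldaps:// URLs are mixed in one realm")
    return parsed, warnings


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake as an ldaps:// client would; return (ok, detail)."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except OSError as exc:  # ssl.SSLError and missing-file errors are OSError subclasses
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # The `url` value and CA path from the realm in the question.
    setting = "ldaps://ad-1dc.com:389, ldaps://ad-2dc.com:389, ldaps://ad-3dc.com:389"
    urls, notes = lint_realm_urls(setting)
    for note in notes:
        print("WARN", note)
    for scheme, host, port in urls:
        if scheme == "ldaps":
            print(host, port, probe_tls(host, port, "/etc/elasticsearch/certnew.pem"))
```

Run it on the Elasticsearch node itself so the probe uses the same network path and CA file as the realm; a `False` result carries the underlying handshake or certificate error.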