Unable to authenticate with LDAP/AD

security

(Vinod) #1

I keep getting a failed auth attempt when trying to authenticate with LDAP. Here is a snippet from the logs:

[2016-01-26 11:55:24,039][WARN ][shield.authc.ldap ] [DataGrid-1] failed LDAP authentication with user template [cn=Users, ou=builtin, dc=testing, dc=corp] and DN [cn=Users, ou=builtin, dc=testing, dc=corp]: 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580
2016-01-26 11:55:24,061][WARN ][shield.authc.ldap ] [DataGrid-1] authentication failed for user [administrator]: failed LDAP authentication
cause: com.unboundid.ldap.sdk.LDAPException: 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580
[2016-01-26 11:55:24,085][INFO ][rest.suppressed ] / Params: {}
ElasticsearchSecurityException[unable to authenticate user [administrator] for REST request [/]]
at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)

elasticsearch.yml setting:

shield.authc.realms:
  esusers1:
    type: esusers
    order: 1
  ldap1:
    type: ldap
    order: 1
    url: "LDAP://Test.testing.corp:389"
    user_dn_templates:
      - "cn=Users, ou=builtin, dc=testing, dc=corp"
    group_search:
      base_dn: "dc=mycompany,dc=corp"

role_mapping.yml:

admin:
  - "cn=Users,dc=testing,dc=corp"
  - "cn=Administrators,dc=testing,dc=corp"

I don't have SSL/TLS set up, but am assuming that is not a requirement.

Not sure what else I'm missing here. Any help is appreciated.

Thanks


(Vinod) #2

I wanted to close the loop on this. I resolved the issue by copying the DN as is from the LDAP server, but mainly the cn, ou, dc were capitalized and there were no spaces after the ",".

Thanks
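
An added example, not part of the original posts or of Shield itself: a small Python triage helper for the Shield LDAP warning quoted in post #1. It decodes the Active Directory `data` sub-code of the AcceptSecurityContext error and flags a bind DN that is identical to the configured template. The function name, the sub-code table and the check for the `{0}` username placeholder of `user_dn_templates` are this example's own choices.

```python
import re

# Active Directory sub-codes carried in "data <hex>" of an AcceptSecurityContext error.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LINE_RE = re.compile(
    r"failed LDAP authentication with user template \[(?P<template>[^\]]*)\]"
    r" and DN \[(?P<dn>[^\]]*)\]: .*?AcceptSecurityContext error,"
    r" data (?P<code>[0-9a-fA-F]+)"
)

def triage(line):
    """Return a dict of findings for one Shield LDAP warning, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = m.group("code").lower()
    template, dn = m.group("template"), m.group("dn")
    notes = []
    if "{0}" not in template:
        notes.append("template has no {0} placeholder for the username")
    if template == dn:
        notes.append("bind DN equals the template: no per-user DN was built")
    return {
        "code": code,
        "meaning": AD_SUBCODES.get(code, "unknown sub-code"),
        "bind_dn": dn,
        "notes": notes,
    }

# Log line copied from post #1 of this thread.
SAMPLE = ("[2016-01-26 11:55:24,039][WARN ][shield.authc.ldap ] [DataGrid-1] "
          "failed LDAP authentication with user template "
          "[cn=Users, ou=builtin, dc=testing, dc=corp] and DN "
          "[cn=Users, ou=builtin, dc=testing, dc=corp]: 80090308: LdapErr: "
          "DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580")

if __name__ == "__main__":
    print(triage(SAMPLE))
```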

