Will my LDAP integration stop working when my Platinum license expires and enters in degraded mode?

In in this topic I asked about if my LDAP integration would stop working if my Platinum license expires.

I got a good answer but actually, I think it was not what I expected.
The answer was more about what would happen if I change my licence to be Basic.

But my question was more about what happens when the Platinum licence expires and the cluster enters in "degraded mode" as linked from this main documentation.
The point is that the "degraded mode" documentation does not explain anything about if LDAP or other authentication methods are lost or not and I need to clarify it.

After my last message on the old topic I got no answer so I have created this new topic to see if we can solve it.
Thanks a lot.

Answer from info@elastic.co:

I believe that it will not work, as LDAP requires at least a gold subscription to be activated on self managed clusters.
Hope this helps!

My answer:

Hi, thanks.

According to the Subscription page I could think the same.
But my question originates on that in the "degraded mode" described in this official docu it does not say anything about the LDAP, but for instance it does talk about Machine Learning, which is also a paid service.

So I think the documentation is confusing, but for me this question is really important.

Just in case it is important, I am running an Elasticsearch v6.8.

Update. I have also asked this to support@elastic.co as I am not yet receiving a proper answer.

The point of "degraded mode" is to allow a certain amount of grace if you genuinely forgot to renew a licence, not to let you to continue to use features that you are no longer permitted to use if you have no intention of renewing. A cluster with an expired licence is pretty severely crippled and you must install a valid licence (perhaps a free, Basic, one) as soon as possible. As the docs you linked say:

You should update your license as soon as possible. You are essentially flying blind when running with an expired license. Access to the cluster health and stats APIs is critical for monitoring and managing an Elasticsearch cluster.

I think that the precise answer to your question is covered in the Security section of that page: basic read/write operations will continue to work with an expired licence, but administrative/monitoring ones will be forbidden.

Thanks @DavidTurner.

I do not aggree with you about:

I think that the precise answer to your question is covered in the Security section of that page:
basic read/write operations will continue to work with an expired licence, but administrative/monitoring ones will be forbidden.

My question is Will my LDAP integration stop working when my Platinum license expires and enters in degraded mode?.
That docu does not describe anything about LDAP.

And of course I do not want to "live in degraded mode", I want to clarify this point because if at some point a new licence takes time to get approved&paid&received it can be a huge problem that users cannot login.

Yes, I don't think LDAP behaves differently from other authentication mechanisms so there's no need to call it out specially. "Users logging in" sounds to me like basic read/write operations, not administrative/monitoring ones, so should carry on working.

"Users logging in" sounds to me like basic read/write operations, not administrative/monitoring ones, so should carry on working.

So basically you are dividing any feature of a cluster in 2 branches and you are placing LDAP in the one that you think fits better:

  • "basic read/write operations"
  • "administrative/monitoring ones"

Why? Just because there is a sentence that says:

basic read/write operations will continue to work with an expired licence, but administrative/monitoring ones will be forbidden.

For me it does not make sense. It is a too simple sentence. I think the documentation is not strong enough and it is not properly bound to the suscriptions page. From my opinion we cannot use it to get the answer to the question.

The purpose of my question is that if someone knows the answer for sure can help me. Not just trying to get an answer from the documentation as it is weak and I already read everything.

Thanks anyway.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.