Help with LDAP authentification

simon.minery · June 26, 2015, 7:51am

Hello, I’m trying to authenticate my users.

Here’s part of my config in the elasticsearch.yml :

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: false
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
searchguard.authentication.authorizer.cache.enable: false
searchguard.authentication.ldap.host: [“ldap-server.host”]
searchguard.authentication.ldap.ldaps.ssl.enabled: true
searchguard.authentication.ldap.ldaps.starttls.enabled: false
searchguard.authentication.ldap.bind_dn: cn=user,dc=my,dc=ldap.host
searchguard.authentication.ldap.password: userpass
searchguard.authentication.ldap.userbase: ou=users,dc=my,dc=ldap.host
searchguard.authentication.ldap.usersearch: (uid={0})
searchguard.authentication.ldap.username_attribute: cn
searchguard.authentication.authorization.ldap.rolebase: ou=groups,dc=my,dc=ldap.host
searchguard.authentication.authorization.ldap.rolesearch: (memberUid={0})
searchguard.authentication.authorization.ldap.userroleattribute: null
searchguard.authentication.authorization.ldap.userrolename: memberOf
searchguard.authentication.authorization.ldap.rolename: cn
searchguard.authentication.authorization.ldap.resolve_nested_roles: false

Here’s the curl trace:

curl -u simon -v -XGET ‘http://myes-searchguard:9200/_cluster/health?pretty=true’
Enter host password for user ‘simo1234’:

Trying 192.168.200.213… connected

Server auth using Basic with user ‘simon’

GET /_cluster/health?pretty=true HTTP/1.1
Authorization: Basic c2ltbzEyMzQ6QWRtaW4xMjMt
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Accept: /

< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Content-Length: 114
<
{
“error” : "AuthException[java.lang.NullPointerException]; nested: NullPointerException; ",
“status” : 500
}

Closing connection #0

And here’s the node trace:

[2015-06-26 09:49:18,696][ERROR][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] java.lang.NullPointerException
java.lang.NullPointerException
at java.io.File.(File.java:277)
at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2015-06-26 09:49:18,724][ERROR][com.floragunn.searchguard.rest.DefaultRestFilter] com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:108)
at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at java.io.File.(File.java:277)
at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
… 45 more

Am I configuring something wrong ?

Thank you very much !

searchguard_google_group · June 26, 2015, 8:17am

reason is that you have enabled ssl (searchguard.authentication.ldap.ldaps.ssl.enabled) but not provided key files

searchguard.authentication.ldap.ldaps.truststore_filepath: /path/to/trustfile

(i have to admin that the errormessage is lousy, will fix this)

···

Am 26.06.2015 um 09:51 schrieb simon.minery@gmail.com:

Hello, I'm trying to authenticate my users.

Here's part of my config in the elasticsearch.yml :

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: false
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
searchguard.authentication.authorizer.cache.enable: false
searchguard.authentication.ldap.host: ["ldap-server.host"]
searchguard.authentication.ldap.ldaps.ssl.enabled: true
searchguard.authentication.ldap.ldaps.starttls.enabled: false
searchguard.authentication.ldap.bind_dn: cn=user,dc=my,dc=ldap.host
searchguard.authentication.ldap.password: userpass
searchguard.authentication.ldap.userbase: ou=users,dc=my,dc=ldap.host
searchguard.authentication.ldap.usersearch: (uid={0})
searchguard.authentication.ldap.username_attribute: cn
searchguard.authentication.authorization.ldap.rolebase: ou=groups,dc=my,dc=ldap.host
searchguard.authentication.authorization.ldap.rolesearch: (memberUid={0})
searchguard.authentication.authorization.ldap.userroleattribute: null
searchguard.authentication.authorization.ldap.userrolename: memberOf
searchguard.authentication.authorization.ldap.rolename: cn
searchguard.authentication.authorization.ldap.resolve_nested_roles: false

Here's the curl trace:

curl -u simon -v -XGET 'http://myes-searchguard:9200/_cluster/health?pretty=true'
Enter host password for user 'simo1234':

* Trying 192.168.200.213... connected
* Server auth using Basic with user 'simon'
> GET /_cluster/health?pretty=true HTTP/1.1
> Authorization: Basic c2ltbzEyMzQ6QWRtaW4xMjMt
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Accept: */*
>
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Content-Length: 114
<
{
  "error" : "AuthException[java.lang.NullPointerException]; nested: NullPointerException; ",
  "status" : 500
}
* Closing connection #0

And here's the node trace:

[2015-06-26 09:49:18,696][ERROR][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] java.lang.NullPointerException
java.lang.NullPointerException
        at java.io.File.<init>(File.java:277)
        at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
        at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
        at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
        at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
        at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
        at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
        at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
        at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
        at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
        at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
        at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
        at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
        at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
        at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
[2015-06-26 09:49:18,724][ERROR][com.floragunn.searchguard.rest.DefaultRestFilter] com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
        at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:108)
        at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
        at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
        at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
        at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
        at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
        at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
        at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
        at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
        at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
        at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
        at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
        at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
        at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
        at java.io.File.<init>(File.java:277)
        at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
        at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
        ... 45 more

Am I configuring something wrong ?

Thank you very much !

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/40450caf-55d7-45af-b134-6855e79a3637%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

simon.minery · June 26, 2015, 1:31pm

That work tremendously great ! Thank you.

···

On Friday, June 26, 2015 at 10:17:48 AM UTC+2, SG wrote:

reason is that you have enabled ssl (searchguard.authentication.ldap.ldaps.ssl.enabled) but not provided key files

searchguard.authentication.ldap.ldaps.truststore_filepath: /path/to/trustfile

(i have to admin that the errormessage is lousy, will fix this)

Am 26.06.2015 um 09:51 schrieb simon....@gmail.com:

Hello, I’m trying to authenticate my users.

Here’s part of my config in the elasticsearch.yml :

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend

searchguard.authentication.authentication_backend.cache.enable: false

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.authorizer.cache.enable: false

searchguard.authentication.ldap.host: [“ldap-server.host”]

searchguard.authentication.ldap.ldaps.ssl.enabled: true

searchguard.authentication.ldap.ldaps.starttls.enabled: false

searchguard.authentication.ldap.bind_dn: cn=user,dc=my,dc=ldap.host

searchguard.authentication.ldap.password: userpass

searchguard.authentication.ldap.userbase: ou=users,dc=my,dc=ldap.host

searchguard.authentication.ldap.usersearch: (uid={0})

searchguard.authentication.ldap.username_attribute: cn

searchguard.authentication.authorization.ldap.rolebase: ou=groups,dc=my,dc=ldap.host

searchguard.authentication.authorization.ldap.rolesearch: (memberUid={0})

searchguard.authentication.authorization.ldap.userroleattribute: null

searchguard.authentication.authorization.ldap.userrolename: memberOf

searchguard.authentication.authorization.ldap.rolename: cn

searchguard.authentication.authorization.ldap.resolve_nested_roles: false

Here’s the curl trace:

curl -u simon -v -XGET ‘http://myes-searchguard:9200/_cluster/health?pretty=true’

Enter host password for user ‘simo1234’:

Trying 192.168.200.213… connected

Server auth using Basic with user ‘simon’

GET /_cluster/health?pretty=true HTTP/1.1

Authorization: Basic c2ltbzEyMzQ6QWRtaW4xMjMt

User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2

Accept: /

< HTTP/1.1 500 Internal Server Error

< Content-Type: application/json; charset=UTF-8

< Content-Length: 114

<

{

“error” : "AuthException[java.lang.NullPointerException]; nested: NullPointerException; ",

“status” : 500

}

Closing connection #0

And here’s the node trace:

[2015-06-26 09:49:18,696][ERROR][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] java.lang.NullPointerException

java.lang.NullPointerException

    at java.io.File.<init>(File.java:277)

    at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)

    at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)

    at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)

    at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)

    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)

    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)

    at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)

    at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)

    at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)

    at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)

    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

    at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)

    at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

    at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)

    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

    at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)

    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)

    at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)

    at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)

    at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)

    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

    at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)

    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)

    at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

    at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

    at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

    at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

    at java.lang.Thread.run(Thread.java:745)

[2015-06-26 09:49:18,724][ERROR][com.floragunn.searchguard.rest.DefaultRestFilter] com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException

com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException

    at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:108)

    at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)

    at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)

    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)

    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)

    at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)

    at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)

    at org.elasticsearch.http.netty.NettyHttpServerTransport.

Ijaz_Ahmad · March 7, 2016, 1:41pm

hi , i have an elasticsearch setup with kibana and searchguard plugin , i wornder how you have mapped ldap groups to elasticsearch roles.

···

On Friday, June 26, 2015 at 3:31:45 PM UTC+2, simon....@gmail.com wrote:

That work tremendously great ! Thank you.

On Friday, June 26, 2015 at 10:17:48 AM UTC+2, SG wrote:
reason is that you have enabled ssl (searchguard.authentication.ldap.ldaps.ssl.enabled) but not provided key files

searchguard.authentication.ldap.ldaps.truststore_filepath: /path/to/trustfile

(i have to admin that the errormessage is lousy, will fix this)

Am 26.06.2015 um 09:51 schrieb simon....@gmail.com:

Hello, I’m trying to authenticate my users.

Here’s part of my config in the elasticsearch.yml :

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend

searchguard.authentication.authentication_backend.cache.enable: false

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.authorizer.cache.enable: false

searchguard.authentication.ldap.host: [“ldap-server.host”]

searchguard.authentication.ldap.ldaps.ssl.enabled: true

searchguard.authentication.ldap.ldaps.starttls.enabled: false

searchguard.authentication.ldap.bind_dn: cn=user,dc=my,dc=ldap.host

searchguard.authentication.ldap.password: userpass

searchguard.authentication.ldap.userbase: ou=users,dc=my,dc=ldap.host

searchguard.authentication.ldap.usersearch: (uid={0})

searchguard.authentication.ldap.username_attribute: cn

searchguard.authentication.authorization.ldap.rolebase: ou=groups,dc=my,dc=ldap.host

searchguard.authentication.authorization.ldap.rolesearch: (memberUid={0})

searchguard.authentication.authorization.ldap.userroleattribute: null

searchguard.authentication.authorization.ldap.userrolename: memberOf

searchguard.authentication.authorization.ldap.rolename: cn

searchguard.authentication.authorization.ldap.resolve_nested_roles: false

Here’s the curl trace:

curl -u simon -v -XGET ‘http://myes-searchguard:9200/_cluster/health?pretty=true’

Enter host password for user ‘simo1234’:

Trying 192.168.200.213… connected

Server auth using Basic with user ‘simon’

GET /_cluster/health?pretty=true HTTP/1.1

Authorization: Basic c2ltbzEyMzQ6QWRtaW4xMjMt

User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2

Accept: /

< HTTP/1.1 500 Internal Server Error

< Content-Type: application/json; charset=UTF-8

< Content-Length: 114

<

{

“error” : "AuthException[java.lang.NullPointerException]; nested: NullPointerException; ",

“status” : 500

}

Closing connection #0

And here’s the node trace:

[2015-06-26 09:49:18,696][ERROR][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] java.lang.NullPointerException

java.lang.NullPointerException
    at java.io.File.<init>(File.java:277)
    at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
    at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
    at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
    at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
    at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
    at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
    at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
    at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
    at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
    at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
    at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
    at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
    at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
    at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
    at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
    at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
    at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
    at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
    at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
    at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
    at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
    at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
    at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
    at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
[2015-06-26 09:49:18,724][ERROR][com.floragunn.searchguard.rest.DefaultRestFilter] com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException

com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
    at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:108)
    at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
    at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
    at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
    at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
    at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
    at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.

Alfred88 · March 10, 2016, 1:25am

HI Simon,

may i know what SG version you use?
i am wondering if SG 2.2 can use your config also instead using the sgconfig file.

Thanks,
alfred

···

On Friday, June 26, 2015 at 3:51:13 PM UTC+8, simon....@gmail.com wrote:

Hello, I’m trying to authenticate my users.

Here’s part of my config in the elasticsearch.yml :

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: false
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
searchguard.authentication.authorizer.cache.enable: false
searchguard.authentication.ldap.host: [“ldap-server.host”]
searchguard.authentication.ldap.ldaps.ssl.enabled: true
searchguard.authentication.ldap.ldaps.starttls.enabled: false
searchguard.authentication.ldap.bind_dn: cn=user,dc=my,dc=ldap.host
searchguard.authentication.ldap.password: userpass
searchguard.authentication.ldap.userbase: ou=users,dc=my,dc=ldap.host
searchguard.authentication.ldap.usersearch: (uid={0})
searchguard.authentication.ldap.username_attribute: cn
searchguard.authentication.authorization.ldap.rolebase: ou=groups,dc=my,dc=ldap.host
searchguard.authentication.authorization.ldap.rolesearch: (memberUid={0})
searchguard.authentication.authorization.ldap.userroleattribute: null
searchguard.authentication.authorization.ldap.userrolename: memberOf
searchguard.authentication.authorization.ldap.rolename: cn
searchguard.authentication.authorization.ldap.resolve_nested_roles: false

Here’s the curl trace:

curl -u simon -v -XGET ‘http://myes-searchguard:9200/_cluster/health?pretty=true’
Enter host password for user ‘simo1234’:

Trying 192.168.200.213… connected

Server auth using Basic with user ‘simon’

GET /_cluster/health?pretty=true HTTP/1.1
Authorization: Basic c2ltbzEyMzQ6QWRtaW4xMjMt
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Accept: /

< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Content-Length: 114
<
{
“error” : "AuthException[java.lang.NullPointerException]; nested: NullPointerException; ",
“status” : 500
}

Closing connection #0

And here’s the node trace:

[2015-06-26 09:49:18,696][ERROR][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] java.lang.NullPointerException
java.lang.NullPointerException
at java.io.File.(File.java:277)
at com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator.getConnection(LDAPAuthorizator.java:84)
at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:61)
at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
at org.elasticsearch.common.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpChunkAggregator.messageReceived(HttpChunkAggregator.java:145)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.handler.codec.http.HttpContentDecoder.messageReceived(HttpContentDecoder.java:108)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
at org.elasticsearch.common.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:74)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[2015-06-26 09:49:18,724][ERROR][com.floragunn.searchguard.rest.DefaultRestFilter] com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
com.floragunn.searchguard.authentication.AuthException: java.lang.NullPointerException
at com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:108)
at com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator.authenticate(HTTPBasicAuthenticator.java:77)
at com.floragunn.searchguard.rest.AbstractACRestFilter.process(AbstractACRestFilter.java:178)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:283)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:180)
at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:121)
at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:83)
at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:327)
at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.http.netty.pipelining.HttpPipeliningHandler.messageReceived(HttpPipeliningHandler.java:60)
at org.elasticsearch.common.netty.channel.SimpleChannelHandler.

Topic		Replies	Views
LDAP issues Search Guard	0	338	July 15, 2015
[search-guard group] LDAP issues Search Guard	0	418	July 19, 2015
Authorization error Search Guard	0	376	June 30, 2017
LDAP Roles not mapping correctly Search Guard	2	576	September 27, 2016
search ldap authorization error Search Guard	0	364	March 8, 2016

Help with LDAP authentification

Related Topics