Can you provide the Elasticsearch log, please?
On Friday, July 10, 2015 at 7:23:54 PM UTC+2, Evan Bradham wrote:
I am trying to get LDAP auth working and having no success. I feel like I am missing something that should likely be obvious. Can you help out? Thanks.
Note that *'s were added to obfuscate.
Here is my .yml configuration:
```
searchguard.check_for_root: false
searchguard.key_path: /etc/searchguard
searchguard.rewrite_get_as_search: true
searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator
searchguard.authentication.ldap.host: ["ldap.***.edu:389"]
searchguard.authentication.ldap.ldaps.ssl.enabled: false
searchguard.authentication.ldap.ldaps.starttls.enabled: false
searchguard.authentication.ldap.userbase: ou=People,o=***.edu
searchguard.authentication.ldap.usersearch: (uid={0})
searchguard.authentication.ldap.username_attribute: uid
```
Here is my curl test with results:
```
curl -u user -v -XGET 'http://...:9200/_cluster/health?pretty=true'
Enter host password for user 'user':
* Hostname was NOT found in DNS cache
* Trying ...…
* Connected to ... (...) port 9200 (#0)
* Server auth using Basic with user 'user'
> GET /_cluster/health?pretty=true HTTP/1.1
> Authorization: Basic ZWJyYWRoYW06czljOWRUcnRNWDBF
> User-Agent: curl/7.35.0
> Host: ...:9200
> Accept: */*
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Content-Length: 245
<
{
"error" : "AuthException[com.floragunn.searchguard.authentication.AuthException: No user user or wrong password (digest: plain/none)]; nested: AuthException[No user user or wrong password (digest: plain/none)]; ",
"status" : 500
}
* Connection #0 to host ... left intact
```
I am using the basic ACL from the installation guide:
```
curl -XPUT 'http://localhost:9200/searchguard/ac/ac' -d '{
  "acl": [
    {
      "__Comment__": "By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.",
      "filters_bypass": [],
      "filters_execute": []
    },
    {
      "__Comment__": "For role *admin* all filters are bypassed (so none will be executed). This means unrestricted access.",
      "roles": [ "admin" ],
      "filters_bypass": ["*"],
      "filters_execute": []
    }
  ]
}'
```