Hello,
Im having trouble logging into Kibana and Elastic (via cURL) - The error I get when trying to login is:
elasticsearchguard-elasticsearchguard-4 | 2018-08-22T01:28:37.902305000Z [2018-08-22T01:28:37,901][WARN ][c.f.d.a.l.b.LDAPAuthorizationBackend] Unable to connect to ldapserver act-actn-aa1.foobar.com:636 due to [org.ldaptive.OperationException@1008907215::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.CommunicationException: act-actn-aa1.foobar.com:636 [Root exception is java.lang.ClassNotFoundException: org.ldaptive.ssl.ThreadLocalTLSSocketFactory], providerException=javax.naming.CommunicationException: act-actn-aa1.foobar.com:636 [Root exception is java.lang.ClassNotFoundException: org.ldaptive.ssl.ThreadLocalTLSSocketFactory]]. Try next.
``
Any help is appreciated.
Thanks
- Search Guard and Elasticsearch version
ENV ES_VERSION 6.3.2
ENV SG_VERSION “23.0”
- JVM version and operating system version
Elasticsearch Docker Image - OpenJDK
- Search Guard configuration files : sg_config.yml
searchguard:
dynamic:
http:
anonymous_auth_enabled: true
xff:
enabled: true
remoteIpHeader: ‘x-forwarded-for’
proxiesHeader: ‘x-forwarded-by’
authc:
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: intern
ldap:
enabled: true
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: ldap
config:
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
pemtrustedcas_filepath: /usr/share/elasticsearch/config/ssl/ldapRootCA.pem
hosts:
- act-actn-aa1.foobar.com:636
- nsw-rsby-aa1.foobar.com:636
- tas-dwpk-aa1.foobar.com:636
userbase: ‘ou=Active Staff,ou=People,dc=foobar,dc=com’
usersearch: ‘(uid={0})’
username_attribute: uid
authz:
ldap:
enabled: true
authorization_backend:
type: ldap
config:
pemtrustedcas_filepath: /usr/share/elasticsearch/config/ssl/ldapRootCA.pem
enable_ssl: true
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
hosts:
- act-actn-aa1.foobar.com:636
- nsw-rsby-aa1.foobar.com:636
- tas-dwpk-aa1.foobar.com:636
userbase: ‘ou=Active Staff,ou=People,dc=foobar,dc=com’
usersearch: ‘(uid={0})’
username_attribute: uid
rolebase: ‘ou=Elastic,ou=Roles,dc=foobar,dc=com’
rolesearch: ‘(memberUid={1})’
userroleattribute: null
userrolename: none
rolename: cn
resolve_nested_roles: true
skip_users:
- kibanaserver
- ‘cn=Michael Jackson,oupeople,o=TEST’
- '/\S/’
``
- Elasticsearch log messages on normal level
elasticsearchguard-elasticsearchguard-4 | 2018-08-22T01:28:37.902305000Z [2018-08-22T01:28:37,901][WARN ][c.f.d.a.l.b.LDAPAuthorizationBackend] Unable to connect to ldapserver act-actn-aa1.foobar.com:636 due to [org.ldaptive.OperationException@1008907215::resultCode=PROTOCOL_ERROR, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.CommunicationException: act-actn-aa1.foobar.com:636 [Root exception is java.lang.ClassNotFoundException: org.ldaptive.ssl.ThreadLocalTLSSocketFactory], providerException=javax.naming.CommunicationException: act-actn-aa1.foobar.com:636 [Root exception is java.lang.ClassNotFoundException: org.ldaptive.ssl.ThreadLocalTLSSocketFactory]]. Try next.
This ^^ message repeats for other 2 LDAP servers
kibana-wazuh-kibana-5 | 2018-08-22T02:01:12.002634000Z {“type”:“response”,“@timestamp”:“2018-08-22T02:01:11Z”,“tags”:,“pid”:1,“method”:“post”,“statusCode”:401,“req”:{“url”:“/api/v1/auth/login”,“method”:“post”,“headers”:{“host”:“act-dksn-ls1.foobar.com:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0”,“accept”:“application/json, text/plain, /”,“accept-language”:“en-US,en;q=0.5”,“accept-encoding”:“gzip, deflate”,“referer”:“http://act-dksn-ls1.foobar.com:5601/login?nextUrl=%2F",“content-type”:“application/json;charset=utf-8”,“kbn-version”:“6.3.2”,“content-length”:“57”,“connection”:“keep-alive”,“dnt”:“1”},“remoteAddress”:“10.1.2.12”,“userAgent”:“10.1.2.12”,“referer”:“http://act-dksn-ls1.foobar.com:5601/login?nextUrl=%2F”},“res”:{“statusCode”:401,“responseTime”:286,“contentLength”:9},“message”:"POST /api/v1/auth/login 401 286ms - 9.0B”}
``
- Other installed Elasticsearch or Kibana plugins, if any
Kibana Plugins (Wazuh 3.5.0)