Searchgaurd6
I want to grant admin role to ‘CN=spock,OU=client,O=client,L=Test,C=DE’ which is a certficate.
but it show “no permissions for [indices:data/write/bulk] and User [name=CN=spock,OU=client,O=client,L=Test,C=DE, roles=, requestedTenant=null]” when I create index… could u tell why and how to config certificate user. I didn’t find example demo.
log:
I config the sgconfig files as follows:
1.sg_internal_users.yml
2.sg_roles_mapping.yml
When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version
-
Installed and used enterprise modules, if any
-
JVM version and operating system version
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any
You are using backend roles to map the user to the sg_all_access role, however, the DN of the certificate is the user name, not any backend role.
Try mapping the certificate via username, like:
sg_all_access:
users:
- “CN=spock, OU=…”
``
···
On Tuesday, June 26, 2018 at 10:15:52 AM UTC+2, 775878550@qq.com wrote:
Searchgaurd6
I want to grant admin role to ‘CN=spock,OU=client,O=client,L=Test,C=DE’ which is a certficate.
but it show “no permissions for [indices:data/write/bulk] and User [name=CN=spock,OU=client,O=client,L=Test,C=DE, roles=, requestedTenant=null]” when I create index… could u tell why and how to config certificate user. I didn’t find example demo.
log:
I config the sgconfig files as follows:
1.sg_internal_users.yml
2.sg_roles_mapping.yml
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
