Enter code here…
``
Hi,
From TRACE, I do see that there GuavaCachingAuthorizator for roles, but not seeing Authn
Also, logon info on ldap server even view.
Is there any config or setting that i’m missing other than
searchguard.authentication.authentication_backend.cache.enable: true
searchguard.authentication.authorizer.cache.enable: true
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Path: GET /XXXX/XXX/_search
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Headers: [Host=10.x.xx.xxx:9200, Connection=keep-alive, CSP=active, Cache-Control=no-cache, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36, Authorization=Basic zzzzzzz=, Postman-Token=24b12e74-b7f0-b5e7-85dc-de93f9fdd5f1, Accept=/, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8]
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Source:
[2015-06-11 14:34:47,420][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from 10.x.xx.xx
[2015-06-11 14:34:47,451][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator]
Connect to 10.x.xx.xxx:389
``
[2015-06-11 14:34:47,912][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Disconnect CN=x,CN=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,924][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:34:47,929][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Try to authenticate dn CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,934][DEBUG][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Authenticated username CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,936][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Return roles from cache for com.floragunn.searchguard.authentication.AuthCredentials@8b265980
[2015-06-11 14:34:47,936][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Populate roles to cache for Tuple [v1=User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=], v2=com.floragunn.searchguard.authentication.AuthCredentials@8b265980]
[2015-06-11 14:34:47,943][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:34:47,951][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] CN=x,OU=y,DC=z,DC=LOCAL is a valid DN
[2015-06-11 14:34:47,966][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] User found with DN CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,967][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] User roles count: 1
[2015-06-11 14:34:47,973][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] non user roles count: 1
[2015-06-11 14:34:47,979][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User ‘User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]’ is authenticated
[2015-06-11 14:34:47,979][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Authentication finished
[2015-06-11 14:34:47,980][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]
Enter code here…
``
[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Path: GET /XXXX/XXX/_search
[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Headers: [Host=10.x.xx.xxx:9200, Connection=keep-alive, CSP=active, Cache-Control=no-cache, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36, Authorization=Basic zzzzzzz=, Postman-Token=070dc4d5-d376-56da-27d9-8d23420082d4, Accept=/, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8]
[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Source:
[2015-06-11 14:35:02,563][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from 10.x.xx.xx
[2015-06-11 14:35:02,569][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:35:02,583][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Disconnect CN=x,CN=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,589][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:35:02,594][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Try to authenticate dn CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,598][DEBUG][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Authenticated username CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,599][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Return roles from cache for com.floragunn.searchguard.authentication.AuthCredentials@8b265980
[2015-06-11 14:35:02,599][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User ‘User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]’ is authenticated
[2015-06-11 14:35:02,599][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Authentication finished
[2015-06-11 14:35:02,599][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]
···
On Thursday, June 11, 2015 at 1:16:42 PM UTC-7, SG wrote:
yes, caching should also work for ldap authn/authz
Am 11.06.2015 um 01:44 schrieb koup...@gmail.com:
Hi,
searchguard.authentication.authentication_backend.cache.enable: true
searchguard.authentication.authorizer.cache.enable: true
Are these cache config keys applicable to LDAPAuthentication & LDAPAuthorization as well?
I keep find logon info at ldap server’s event view log.
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dab71e00-bb02-47da-b364-1b071ba3eb4f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.