I having some issues with logging ldap users into kibana with the current searchguard version. 7.3.
Can anyone highlight is there is any missing setting or config that I miss out in the role mapping or the sg_role yml files.
I able to get the result from curl command:
Curl -Ss -k -u [ldap user] -XGET “https://xxxxx:9200/_cluster/_health
Curl -Ss -k -u [ldap user] -XGET “https://xxxxx:9200/_searchguard/license?pretty
Previously on searchguard 6.5.1, i able to login kibana successfully with the ldap users but with the new 7.3, some of things change on role mapping and role config file.
Been stuck on the these for few days
Hope any experts can enlighten me.
How did you upgrade from 6.x to 7.x? Did you follow the upgrade instructions here?
I suspect there is something wrong with the role mapping. The configuration for LDAP did not change, so this should not be an issue.
Can you post your SG configuration files, and the ES log file during the (failing) login?
I experienced a similar issue after upgrading. 7.0 Upgrade assistant cluster issue needs to be resolved
Here’s an example of what I had to make my admin role look like following the upgrade. You’ll need to modify your sg_roles.yml to include the following: (the tool did not do this automatically when upgraded):
description: "Migrated from v6 (all types mapped)"
Sorry for the late reply.
Thanks for the showing me the right way to the sg configuration.
Just to add on in the sg_role.yml
description: “Migrated from v6 (all types mapped)”
Hope the kibana guide for ldap configuration can be clearer for other users.
Thank you very much.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.