Hi,
I am getting the following error while trying to authenticate using an LDAP user.
[2017-10-24T12:01:52,296][INFO ][o.e.p.r.a.ACL ] FORBIDDEN by default req={ ID:1372249213-1612331731#61, TYP:MainRequest, CGR:N/A, USR:gauss, BRS:true, ACT:cluster:monitor/main, OA:52.36.179.205, IDX:<N/A>, MET:GET, PTH:/, CNT:<N/A>, HDR:Accept,Accept-Encoding,Accept-Language,Authorization,Cache-Control,Connection,content-length,Host,Postman-Token,User-Agent,Via,X-Forwarded-For, HIS:[Accept requests from users in group team1 on index1->[groups->false]], [Accept requests to index1 from users with valid LDAP credentials, belonging to LDAP group 'team1'->[ldap_authorization->false, ldap_authentication->true, indices->true]] }
I tried with an online test LDAP Server - Online LDAP Test Server - Forum Systems
LDAP configuration in elasticsearch.yml:

readonlyrest:
  enable: true
  response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
  access_control_rules:
  - name: Accept requests to index1 from users with valid LDAP credentials, belonging to LDAP group 'team1'
    ldap_authentication: "ldap1"
    ldap_authorization:
      name: "ldap1"                      # ldap name from 'ldaps' section
      groups: ["mathematicians"]         # group within 'ou=Groups,dc=example,dc=com'
    indices: ["test_index1"]
  ldaps:
  - name: ldap1
    host: "ldap.forumsys.com"
    port: 389                            # default 389
    ssl_enabled: false                   # default true
    ssl_trust_all_certs: true            # default false
    bind_dn: "cn=read-only-admin,dc=example,dc=com"   # skip for anonymous bind
    bind_password: "password"            # skip for anonymous bind
    search_user_base_DN: "dc=example,dc=com"
    user_id_attribute: "uid"             # default "uid"
    search_groups_base_DN: "ou=mathematicians,dc=example,dc=com"
    unique_member_attribute: "uniqueMember"   # default "uniqueMember"
    connection_pool_size: 10             # default 30
    connection_timeout_in_sec: 10        # default 1
    request_timeout_in_sec: 10           # default 1
    cache_ttl_in_sec: 0                  # default 0 - cache disabled
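The ACL line above reports `ldap_authentication->true, ldap_authorization->false`, i.e. the bind succeeded and the group lookup did not. The following is an added example (my own code, not the ReadonlyREST plugin's and not part of the original post) that models the two stages in memory so the requirements of the second one can be seen in isolation: a group entry must sit under `search_groups_base_DN`, its `unique_member_attribute` must contain the user's full DN, and the group's name must match an entry in the rule's `groups` list. The directory entries are constructed stand-ins modelled on the DNs in the config (not a dump of the real ldap.forumsys.com server), and `group_name_attribute` is a hypothetical setting standing in for however the plugin derives a group's name.

```python
from dataclasses import dataclass

# Constructed directory entries, modelled on the DNs in the post's ldaps: section.
# This is a stand-in for the example, not a dump of the real ldap.forumsys.com server.
DIRECTORY = {
    "uid=gauss,dc=example,dc=com": {"uid": ["gauss"], "userPassword": ["password"]},
    "uid=euler,dc=example,dc=com": {"uid": ["euler"], "userPassword": ["password"]},
    "ou=mathematicians,dc=example,dc=com": {
        "ou": ["mathematicians"],
        "uniqueMember": ["uid=gauss,dc=example,dc=com", "uid=euler,dc=example,dc=com"],
    },
    "ou=scientists,dc=example,dc=com": {
        "ou": ["scientists"],
        "uniqueMember": ["uid=einstein,dc=example,dc=com"],
    },
}


@dataclass
class LdapSettings:
    """The subset of the post's ldaps: keys that drive the two lookups."""
    search_user_base_dn: str
    user_id_attribute: str = "uid"
    search_groups_base_dn: str = "dc=example,dc=com"
    unique_member_attribute: str = "uniqueMember"
    # Hypothetical: the attribute whose value is compared with the rule's `groups` list.
    group_name_attribute: str = "ou"


def _norm(dn: str) -> str:
    # DN comparison is case-insensitive; whitespace around commas is ignored.
    return ",".join(part.strip() for part in dn.split(",")).lower()


def _in_subtree(dn: str, base: str) -> bool:
    # Subtree scope includes the base entry itself and everything below it.
    return _norm(dn) == _norm(base) or _norm(dn).endswith("," + _norm(base))


def _search(base: str, predicate):
    return [(dn, attrs) for dn, attrs in DIRECTORY.items()
            if _in_subtree(dn, base) and predicate(attrs)]


def authenticate(cfg: LdapSettings, uid: str, password: str):
    """Stage 1 (ldap_authentication): resolve uid -> DN under search_user_base_DN,
    then bind as that DN. Returns the user DN on success, None otherwise."""
    hits = _search(cfg.search_user_base_dn,
                   lambda a: uid in a.get(cfg.user_id_attribute, []))
    if len(hits) != 1:          # unknown or ambiguous user: no bind possible
        return None
    dn, attrs = hits[0]
    return dn if password in attrs.get("userPassword", []) else None


def authorize(cfg: LdapSettings, user_dn: str, allowed_groups) -> set:
    """Stage 2 (ldap_authorization): find entries under search_groups_base_DN whose
    unique_member_attribute lists the user's DN; return the overlap with `groups`."""
    member_of = _search(
        cfg.search_groups_base_dn,
        lambda a: _norm(user_dn) in map(_norm, a.get(cfg.unique_member_attribute, [])))
    names = {n for _, a in member_of for n in a.get(cfg.group_name_attribute, [])}
    return names & set(allowed_groups)


def evaluate(cfg: LdapSettings, uid: str, password: str, allowed_groups) -> dict:
    """Mimic the HIS: fragment of the ACL log line for one rule."""
    user_dn = authenticate(cfg, uid, password)
    if user_dn is None:
        return {"ldap_authentication": False, "ldap_authorization": False}
    return {"ldap_authentication": True,
            "ldap_authorization": bool(authorize(cfg, user_dn, allowed_groups))}


if __name__ == "__main__":
    cfg = LdapSettings(search_user_base_dn="dc=example,dc=com")
    print(evaluate(cfg, "gauss", "password", ["mathematicians"]))  # both stages True
    print(evaluate(cfg, "gauss", "password", ["team1"]))           # authorization False
```

Running it shows the same shape as the log's `HIS:` fragment: a user that binds fine still fails the rule when the rule's `groups` value does not match a group that lists the user's DN. With a group base of `ou=mathematicians,dc=example,dc=com` the group entry itself is still found, because subtree scope includes the base entry; the check that decides the outcome is whether the resolved group name equals one of the configured `groups`.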