Getting an Internal Error after LDAP authentification though ROR


I configured readonlyrest.yml to support LDAP authentification and elastic and kibana both start well without issue

However when I connect on ROR login page using an authorized LDAP account I get the following error

{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

The logs onlye provide me the following information which I am not able to decypher

Any help Is welcome

{ Error: invalid identity {"x-ror-logging-id":"e728160b-13d5-46a9-bd96-fd12aa8a9a6a","kibanaIndex":".kibana","authHeaders":{"authorization":"Basic QUM3NTBHMTEyMDptM1lnbVNxX2lCVSY="},"hiddenApps":[],"sid":"7543416a-b1c8-46ee-822 │

 at writeIdentity (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:238:38)                                                                                                                                  
 at loginHandler (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:167:13)                                                                                                                                   
 at process._tickCallback (internal/process/next_tick.js:68:7)                                                                                                                                                                    
 isBoom: true,                                                                                                                                                                                                                     
 isServer: true,                                                                                                                                                                                                                    
  data: null,                                                                                                                                                                                                                       
  { statusCode: 500,                                                                                                                                                                                                               
    statusCode: 500,                                                                                                                                                                                                             
    error: 'Internal Server Error',                                                                                                                                                                                              
   : 'An internal server error occurred' },                                                                                                                                                                              
     { 'kbn-name': 'elastic-kibana-1',                                                                                                                                                                                              
         'kbn-xpack-sig': 'ef42adb69cd0ad9c36eb0323e8819b1d' } },                                                                                                                                                                     
         reformat: [Function] }

When the login request from Kibana plugin matches into an ACL block that has no authentication rule (auth_key*, ldap_auth*, etc), then you are returned with an identity object that does not have a username. A username is necessary for kibana session to begin.

Please go back to your ACL and your elasticsearch logs (grep for “metadata”) and see what ACL block has matched the login attempt.

Hi @sscarduzio thank You for You answer.

Unfortunatly I do not have access to the ACL log

These elastic node and kibana are deploy on a Kubernetes environement, so I am lost to where to find these elasticsearch log that You are talking about

the elasticsearch HOME DIRECTORY is /usr/share/elasticsearch/

and I only have 2 logs file under /usr/share/elasticsearch/logs
which are gc.log and gc.log.00

none of them containt the key word “metadata”

The logs line that I mentioned in the question come from the kibana pods logs

Is there another way around to find what is causinig the issue, given this set uo

I am available to provide more information if needed

Thank You for Your time

you could change the ACL and enable “audit_log_collector: true”, so you will have those logs in readonlyrest-audit-* indices, and you can see them directly in Kibana, or query directly from Elasticsearch I suppose!

Try looking for elasticsearch.log in /var/log/?