few months ago we opened case regarding the ldap errors we see in the elastic log files.
the conclusion was that from time to time there are hangs from the ldap servers which cause those error messages .
we decided to change the configuration file and started working with native ror user .
we have version 1.18.2 .
the config files of that user :
name : “::name of the rule::”
then we have more users which authenticated by active directory .
the problem is that from time to time we see in the elastic log file errors :
[2019-10-01T10:00:00,589][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [node_name] LDAP authenticate operation failed
then if we query the ror_audit index we get :
“origin”: “ip address”
“destination” : “ip address”
“req_method”: “POST” …
the question is why do we see those error from that specific user which is not even part of the active directory users ?
this is a native user we created and is not managed by the AD servers.
how can we avoid those errors ?