LDAP and Multitenancy

hassen · March 13, 2019, 1:32pm

Hello,

I using Elasticsearch 6.6.1 & Kibana 6.6.1
I installed readonlyrest_kbn_enterprise-1.17.2_es6.6.1 and readonlyrest-1.17.0_es6.6.1
Here is my YAML configuration :

...
- name: "Group 1"
  groups: ["Group1"]
  kibana_access: rw
  kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
  kibana_index: ".kibana_g1"

- name: "Group 2"
  groups: ["Group2"]
  kibana_access: rw
  kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
  kibana_index: ".kibana_g2"

- name: "ADMINS"
  groups: ["Admins"]
  kibana_access: admin
  kibana_index: ".kibana"

users:
- username: admin
  auth_key: admin:admin
  groups: ["Admins","Group1","Group2"]

- username: user1
  groups: ["Group1"]
  ldap_authentication: "ldap"

- username: user2
  groups: ["Group2"]
  ldap_authentication: "ldap"

ldaps:
...

When I connect with the user Admin, the drop-down list is not shown correctly.
What is wrong with my configuration?

H.

sscarduzio · March 13, 2019, 3:26pm

Hi @hassen, could you try setting ES in debug mode and seeing if the LDAP connector resolves all the groups for user “admin”?

From the docs, troubleshooting

LDAP configuration: LDAP is tricky to configure in any system. Configure ES root logger to DEBUG editing $ES_HOME/config/l4j2.properties to see a trace of the LDAP messages.