LDAP Authentication - Kibana

Good day,

I have been struggling to get LDAP authentication working with Kibana (basic auth worked). I have installed both ROR free versions for Elasticsearch and Kibana (version 7.4.2), but when I start Kibana, I am seeing “OPERATION_NOT_ALLOWED” errors.

Below are my configuration files:

$ES/config/readonlyrest.yml

access_control_rules:
  - name: Accept requests from users in group team1 on index1
    type: allow # Optional, defaults to "allow", will omit from now on.
    ldap_auth:
      name: "ldap1" # ldap name from below 'ldaps' section
      groups: ["g1", "g2"] # group within 'ou=Groups,dc=example,dc=com'
    indices: ["index1"]

ldaps:
  - name: ldap1
    host: "
    port: 636 # optional, default 389
    ssl_enabled: true # optional, default true
    ssl_trust_all_certs: true # optional, default false
    bind_dn: "" # optional, skip for anonymous bind
    bind_password: "" # optional, skip for anonymous bind
    search_user_base_DN: ""
    #user_id_attribute: "uid" # optional, default "uid"
    search_groups_base_DN: "ou=Groups,dc=example,dc=com"
    #unique_member_attribute: "uniqueMember" # optional, default "uniqueMember"
    connection_pool_size: 10 # optional, default 30
    connection_timeout_in_sec: 10 # optional, default 1
    request_timeout_in_sec: 10 # optional, default 1
    cache_ttl_in_sec: 60 # optional, default 0 - cache disabled
    group_search_filter: "(objectClass=group)(cn=application*)" # optional, default (cn=*)
    group_name_attribute: "cn"

With these configurations in place, I am seeing the error below in the elastic log file:

FORBIDDEN by default req={  ID:1650526757-1391121473#90,  TYP:SearchRequest,  CGR:N/A,  USR:elastic (attempted),  BRS:true,  KDX:null,  ACT:indices:data/read/search,  OA:10.170.65.172/32,  XFF:null,  DA:10.170.65.172/32,  IDX:txns*,  MET:POST,  PTH:/txns*/_search,  CNT:<OMITTED, LENGTH=442.0 B> ,  HDR:Accept=application/json, application/*+json, Authorization=<OMITTED>, Connection=keep-alive, Content-Length=442, Content-Type=application/json, Host=elina.jncb.com:9200, User-Agent=Java/1.8.0_232,  HIS:[Accept requests from users in group team1 on index1-> RULES:[ldap_auth->false], RESOLVED:[indices=txns*]]  }

And Kibana doesn’t start up, with an operation not permitted error.

Note that on this server, we had previously created users using the elastic command line tool to initialise users.

Did you configure kibana.yml to use basic auth to access Elasticsearch?

# Kibana server use ::KIBANA-SRV:: credentials
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"

And also, you didn’t add the ACL block dedicated to Kibana server:

    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana

About the LDAP debugging, try enabling debug mode in Elasticsearch
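
Added example (not part of the original thread, and not ReadonlyREST code): a small Python parser for the `FORBIDDEN by default` line quoted above, which pulls out the attempted user, the action and index, and, from the `HIS:` field, the rules that did not match in each ACL block. The field layout is taken from the one log line shown in the thread; the layout for several blocks and the second sample line are assumptions constructed for illustration.

```python
import re

# Shortened copy of the log line quoted in the thread (headers and addresses dropped).
SAMPLE = ("FORBIDDEN by default req={  ID:1650526757-1391121473#90,  TYP:SearchRequest,  "
          "USR:elastic (attempted),  ACT:indices:data/read/search,  IDX:txns*,  MET:POST,  "
          "PTH:/txns*/_search,  HIS:[Accept requests from users in group team1 on index1-> "
          "RULES:[ldap_auth->false], RESOLVED:[indices=txns*]]  }")

# Constructed line (assumption): two blocks, repeating the bracketed form seen above.
SAMPLE_TWO_BLOCKS = ("FORBIDDEN by default req={  ID:x,  USR:kibana (attempted),  "
                     "HIS:[::KIBANA-SRV::-> RULES:[auth_key->false]], "
                     "[ldap block-> RULES:[ldap_auth->true, indices->false], "
                     "RESOLVED:[user=bob]]  }")

# A value runs until the next ",  KEY:" separator or the end of the line.
FIELD = re.compile(r"\b(ID|TYP|USR|ACT|IDX|MET|PTH):(.*?)(?=,\s+[A-Z]{2,4}:|$)")
# One history entry: "[<block name>-> RULES:[rule->result, ...]".
BLOCK = re.compile(r"\[(?P<name>[^\[\]]+?)->\s*RULES:\[(?P<rules>[^\]]*)\]")


def parse_forbidden(line):
    """Return request fields plus, per ACL block, the rules that did not match."""
    fields = {key: value.strip() for key, value in FIELD.findall(line)}
    history = line.split("HIS:", 1)[1] if "HIS:" in line else ""
    blocks = []
    for match in BLOCK.finditer(history):
        failed = []
        for rule in match.group("rules").split(","):
            if "->" not in rule:
                continue
            name, result = rule.strip().rsplit("->", 1)
            if result.strip() != "true":
                failed.append(name.strip())
        blocks.append({"block": match.group("name").strip(), "failed": failed})
    fields["blocks"] = blocks
    return fields


if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_TWO_BLOCKS):
        parsed = parse_forbidden(sample)
        print(parsed["USR"], "->", parsed["blocks"])
```

For the line in the thread this reports user `elastic (attempted)` and a single evaluated block whose `ldap_auth` rule returned false, so the request never reached a block that accepts those credentials.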