Good day,
I have been struggling to get LDAP authentication working with Kibana (basic auth worked). I have installed both ROR free versions for Elasticsearch and Kibana (version 7.4.2), but when I start Kibana, I am seeing “OPERATION_NOT_ALLOWED” errors.
Below are my configuration files:
$ES/config/readonlyrest.yml
access_control_rules:
- name: Accept requests from users in group team1 on index1
  type: allow # Optional, defaults to "allow", will omit from now on.
  ldap_auth:
    name: "ldap1" # ldap name from below 'ldaps' section
    groups: ["g1", "g2"] # group within 'ou=Groups,dc=example,dc=com'
  indices: ["index1"]

ldaps:
- name: ldap1
  host: "
  port: 636 # optional, default 389
  ssl_enabled: true # optional, default true
  ssl_trust_all_certs: true # optional, default false
  bind_dn: "" # optional, skip for anonymous bind
  bind_password: "" # optional, skip for anonymous bind
  search_user_base_DN: ""
  #user_id_attribute: "uid" # optional, default "uid"
  search_groups_base_DN: "ou=Groups,dc=example,dc=com"
  #unique_member_attribute: "uniqueMember" # optional, default "uniqueMember"
  connection_pool_size: 10 # optional, default 30
  connection_timeout_in_sec: 10 # optional, default 1
  request_timeout_in_sec: 10 # optional, default 1
  cache_ttl_in_sec: 60 # optional, default 0 - cache disabled
  group_search_filter: "(objectClass=group)(cn=application*)" # optional, default (cn=*)
  group_name_attribute: "cn"
With these configurations in place, I am seeing the error below in the elastic log file:
FORBIDDEN by default req={ ID:1650526757-1391121473#90, TYP:SearchRequest, CGR:N/A, USR:elastic (attempted), BRS:true, KDX:null, ACT:indices:data/read/search, OA:10.170.65.172/32, XFF:null, DA:10.170.65.172/32, IDX:txns*, MET:POST, PTH:/txns*/_search, CNT:<OMITTED, LENGTH=442.0 B> , HDR:Accept=application/json, application/*+json, Authorization=<OMITTED>, Connection=keep-alive, Content-Length=442, Content-Type=application/json, Host=elina.jncb.com:9200, User-Agent=Java/1.8.0_232, HIS:[Accept requests from users in group team1 on index1-> RULES:[ldap_auth->false], RESOLVED:[indices=txns*]] }
And Kibana doesn’t start up with an operation not permitted error.
Note that on this server, we had previously created users using the elastic command line tool to initialise users.
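For readers triaging a line like the FORBIDDEN entry above, this added example (not part of the original post, and not ReadonlyREST's own code) splits the `req={ ... }` body into its tagged fields and lists which rule in which ACL block evaluated to false. Assumptions: the field layout is inferred only from the single log line quoted in the post, `(attempted)` is read as "user name taken from the request but not authenticated", and the function names are hypothetical.

```python
import re

# Constructed sample: the FORBIDDEN line from the post, with some fields dropped for width.
SAMPLE = (
    "FORBIDDEN by default req={ ID:1650526757-1391121473#90, TYP:SearchRequest, "
    "CGR:N/A, USR:elastic (attempted), ACT:indices:data/read/search, IDX:txns*, "
    "MET:POST, PTH:/txns*/_search, "
    "HDR:Accept=application/json, application/*+json, Authorization=<OMITTED>, "
    "HIS:[Accept requests from users in group team1 on index1-> "
    "RULES:[ldap_auth->false], RESOLVED:[indices=txns*]] }"
)

# Field tags are 2-3 capitals followed by ':' and preceded by '{ ' or ', '.
KEY = re.compile(r"(?<=[,{] )([A-Z]{2,3}):")
# One ACL block inside HIS: "[<block name>-> RULES:[rule->result, ...]"
BLOCK = re.compile(r"\[([^\[\]]+?)-> RULES:\[([^\]]*)\]")

def parse_fields(line):
    """Split the req={ ... } body into {tag: value}; values may contain ', '."""
    hits = list(KEY.finditer(line))
    ends = [h.start() for h in hits[1:]] + [line.rindex("}")]
    return {h.group(1): line[h.end():end].strip().rstrip(",").strip()
            for h, end in zip(hits, ends)}

def failed_rules(history):
    """Return [(block name, rule name)] for every rule that evaluated to false."""
    out = []
    for name, rules in BLOCK.findall(history):
        for rule in filter(None, rules.split(", ")):
            rule_name, _, result = rule.partition("->")
            if result.strip() == "false":
                out.append((name.strip(), rule_name.strip()))
    return out

def summarize(line):
    """Reduce one audit line to who asked for what, and which rules rejected it."""
    f = parse_fields(line)
    user, _, flag = f.get("USR", "").partition(" ")
    return {"user": user, "authenticated": flag != "(attempted)",
            "action": f.get("ACT"), "indices": f.get("IDX"),
            "failed": failed_rules(f.get("HIS", ""))}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample line this reports user `elastic`, not authenticated, rejected by the `ldap_auth` rule of the only block in the ACL.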