Hi,
My LDAP request is working and the user is authenticated, but the groups call is empty. Any idea what I have done wrong?
Here is a snippet of the log:
[2017-07-07T13:33:39,848][INFO ][o.e.p.r.a.b.r.i.LdapAuthenticationAsyncRule] Attempting Login as: d1234 rc: {
ID:2071009439-281222262, TYP:GetRequest, USR:d1234(?), BRS:false, ACT:indices:data/read/get,
OA:100.66.1.217, IDX:.kibana, MET:GET, PTH:/.kibana/config/5.4.2, CNT:<OMITTED, LENGTH=0>,
HDR:authorization,Connection,Content-Length,Host, HIS:[Monsoon (read only, but can create dashboards)->[auth_key-
>false]], [data->[auth_key->false]], [Admin->[auth_key->false]] }
I[2017-07-07T13:33:39,848][DEBUG][o.e.p.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] Trying to authenticate
user [d1234] with LDAP [ldap1]
I[2017-07-07T13:33:39,857][DEBUG][o.e.p.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] User [d1234]
authenticated by LDAP [ldap1]
I[2017-07-07T13:33:39,857][DEBUG][o.e.p.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] Trying to fetch user with
identifier [d1234] from LDAP [ldap1]
I[2017-07-07T13:33:39,860][DEBUG][o.e.p.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] User with identifier
[d1234] found [dn = CN=D1234,OU=Identities,DC=ad,DC=testing,DC=cloud,DC=com]
I[2017-07-07T13:33:39,860][DEBUG][o.e.p.r.a.d.l.l.GroupsProviderLdapClientLoggingDecorator] Trying to fetch user
[id=d1234, dnCN=D1234,OU=Identities,DC=ad,DC=testing,DC=cloud,DC=com] groups from LDAP [ldap1]
I[2017-07-07T13:33:39,862][DEBUG][o.e.p.r.a.d.l.l.GroupsProviderLdapClientLoggingDecorator] LDAP [ldap1] returned
for user [d1234] following groups: []
I[2017-07-07T13:33:39,862][DEBUG][o.e.p.r.a.b.Block ] [Accept requests from Monitoring Users] the request
matches no rules in this block: { ID:2071009439-281222262, TYP:GetRequest, USR:d1234, BRS:false,
ACT:indices:data/read/get, OA:100.66.1.217, IDX:.kibana, MET:GET, PTH:/.kibana/config/5.4.2, CNT:<OMITTED,
LENGTH=0>, HDR:authorization,Connection,Content-Length,Host, [Accept requests from Monitoring Users->
[ldap_authorization->false, ldap_authentication->true]] }
I[2017-07-07T13:33:39,862][INFO ][o.e.p.r.a.ACL ] no block has matched, forbidding by default: {
ID:2071009439-281222262, TYP:GetRequest, USR:d1234, BRS:false, ACT:indices:data/read/get, OA:100.66.1.217,
IDX:.kibana, MET:GET, PTH:/.kibana/config/5.4.2, CNT:<OMITTED, LENGTH=0>,
HDR:authorization,Connection,Content-Length,Host, HIS: [Accept requests from Monitoring Users->[
ldap_authorization->false, ldap_authentication->true]] }
This line looks strange: dnCN=D1234,OU=Identities,DC=ad,DC=testing …
My config:
- name: Accept requests from Monitoring Users
  ldap_authentication: "ldap1"
  ldap_authorization:
    name: "ldap1"
    groups: ["MONITORING_DOMAIN_USERS"]

ldaps:
- name: ldap1
  host: "ldap.testing.cloud.com"
  port: 636
  ssl_enabled: true
  ssl_trust_all_certs: true
  bind_dn: "cn=monitoring,cn=Users,dc=ad,dc=testing,dc=cloud,dc=com"
  bind_password: "password"
  search_user_base_DN: "ou=Identities,dc=ad,dc=testing,dc=cloud,dc=com"
  search_groups_base_DN: "OU=ADMIN,OU=OSDomains,OU=CCloud,DC=ad,DC=testing,DC=cloud,DC=com"
  user_id_attribute: "sAMAccountName"
  unique_member_attribute: "memberOf"
  connection_pool_size: 10
  connection_timeout_in_sec: 10
  request_timeout_in_sec: 10
  cache_ttl_in_sec: 60
Any idea anyone?
Thanks a lot and regards,
Olaf
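Added example (not part of the post above, and not the plugin's own code): a small in-memory simulation of a group lookup of the kind the log shows, written to illustrate two things a reviewer checks when an authenticated user comes back with `groups: []`. It assumes that the lookup searches the entries below `search_groups_base_DN` for group objects whose membership attribute (the setting called `unique_member_attribute` in the config) contains the user's DN; whether the plugin really works that way is an assumption here and should be confirmed against its documentation. With that model, an attribute that lives on the user entry (`memberOf`) can never match on a group entry, and a group stored outside the configured groups base DN is never visited. The directory contents are constructed for the example.

```python
"""Simulated LDAP group lookup (constructed example, not ReadonlyREST code).

Models a search below a groups base DN for entries whose membership
attribute contains the user's DN, which is an assumption about how the
plugin resolves groups, not a statement taken from its source.
"""
from typing import Dict, List


def normalize_dn(dn: str) -> str:
    """Normalise a DN for comparison: AD treats DN components case-insensitively
    and whitespace after the separating commas is not significant."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_below(dn: str, base_dn: str) -> bool:
    """True when dn is a strict descendant of base_dn (subtree scope)."""
    return normalize_dn(dn).endswith("," + normalize_dn(base_dn))


# Constructed directory. Group objects carry their members in 'member'
# (AD style); the user entry carries the reverse links in 'memberOf'.
USER_DN = "CN=D1234,OU=Identities,DC=ad,DC=testing,DC=cloud,DC=com"
GROUPS_BASE_DN = "OU=ADMIN,OU=OSDomains,OU=CCloud,DC=ad,DC=testing,DC=cloud,DC=com"
MON_GROUP_DN = "CN=MONITORING_DOMAIN_USERS," + GROUPS_BASE_DN
OTHER_GROUP_DN = "CN=OTHER_GROUP,OU=Elsewhere,DC=ad,DC=testing,DC=cloud,DC=com"

DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    USER_DN: {
        "objectClass": ["user"],
        "sAMAccountName": ["d1234"],
        "memberOf": [MON_GROUP_DN, OTHER_GROUP_DN],
    },
    MON_GROUP_DN: {"objectClass": ["group"], "member": [USER_DN]},
    OTHER_GROUP_DN: {"objectClass": ["group"], "member": [USER_DN]},
}


def find_groups(directory: Dict[str, Dict[str, List[str]]],
                groups_base_dn: str,
                unique_member_attribute: str,
                user_dn: str) -> List[str]:
    """Return the CN of every entry below groups_base_dn whose
    unique_member_attribute contains user_dn (compared as normalised DNs)."""
    target = normalize_dn(user_dn)
    found: List[str] = []
    for dn, attrs in directory.items():
        if not is_below(dn, groups_base_dn):
            continue                      # outside the configured search scope
        members = attrs.get(unique_member_attribute, [])
        if any(normalize_dn(m) == target for m in members):
            rdn = dn.split(",", 1)[0]     # e.g. "CN=MONITORING_DOMAIN_USERS"
            found.append(rdn.split("=", 1)[1])
    return found


if __name__ == "__main__":
    # Membership attribute on the group object: the group is found.
    print(find_groups(DIRECTORY, GROUPS_BASE_DN, "member", USER_DN))
    # 'memberOf' lives on the user entry, not on group entries: nothing matches.
    print(find_groups(DIRECTORY, GROUPS_BASE_DN, "memberOf", USER_DN))
    # Widening the base DN to the domain root also reaches OTHER_GROUP.
    print(find_groups(DIRECTORY, "DC=ad,DC=testing,DC=cloud,DC=com", "member", USER_DN))
```

The third call shows the trade-off of the groups base DN: a narrow OU keeps the search cheap and limits which groups can ever grant access, but any group kept elsewhere in the tree is silently ignored, which in the log above looks identical to a wrong attribute name. The first two calls differ only in the attribute name, which is why the attribute the configured value actually refers to (on the group or on the user) is worth checking first.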