Trying to get LDAP authentication working for Kibana but not having much luck. Wondering if anyone can verify my config.
It's an MS Active Directory, can search it via ldapsearch ok.
Have the following in my readonlyrest config:
    - name: "::CUSTOMER::"
      kibana_access: ro
      indices: [".kibana", "kibana_sample_data_flights"]
      kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management", "monitoring", "apm", "kibana:discover", "kibana:visualize"]
      ldap_auth:
        name: "ldap1"
        groups: ["customer"]
      verbosity: error

    ldaps:
    - name: ldap1
      host: "172.31.1.1"
      port: 389
      ssl_enabled: false
      ssl_trust_all_certs: true
      search_user_base_DN: "CN=Users,OU=customerldap,DC=customerldap,DC=mycompany,DC=com"
      search_groups_base_DN: "OU=Groups,OU=customerldap,DC=customerldap,DC=mycompany,DC=com"
      user_bind_attribute: "samaccountname"
Have a user in AD called “bob” that is part of the customer group. Try to log in and get a 401 with the following in the elasticsearch log.
[2018-10-04T19:42:59,863][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:1000713719-1707563075#4345582, TYP:RRAdminRequest, CGR:N/A, USR:bob(?), BRS:false, KDX:null, ACT:cluster:admin/rradmin/refreshsettings, OA:127.0.0.1, DA:0.0.0.0, IDX:<N/A>, MET:GET, PTH:/_readonlyrest/metadata/current_user, CNT:<N/A>, HDR:{authorization=<OMITTED>, Connection=close, content-length=0, Host=localhost:9200}, HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [::ADMIN::->[auth_key->false]], [::PLATFORM-TEAM::->[groups->false]], [::SOC-TEAM::->[groups->false]], [::CUSTOMER::->[ldap_authentication->false]] }
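
For reading the `HIS:` field of a log line like the one above, here is an added example (not part of the original post and not ReadonlyREST code) that lists, per ACL block, the rule on which the request was rejected. The function names are hypothetical, and the handling of blocks with several comma-separated rules is an assumption, since the line above only shows one rule per block.

```python
import re

# Constructed sample: the HIS field copied from the log line in the post above.
SAMPLE = (
    "HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], "
    "[::ADMIN::->[auth_key->false]], [::PLATFORM-TEAM::->[groups->false]], "
    "[::SOC-TEAM::->[groups->false]], [::CUSTOMER::->[ldap_authentication->false]] }"
)

# One history entry looks like: [<block name>->[<rule>-><true|false>, ...]]
BLOCK_RE = re.compile(r"\[(?P<block>[^\[\]]+?)->\[(?P<rules>[^\[\]]*)\]\]")
RULE_RE = re.compile(r"(?P<rule>[\w.]+)->(?P<result>true|false)")


def parse_history(line):
    """Return [(block_name, [(rule, matched), ...]), ...] from the HIS field."""
    start = line.find("HIS:")
    if start < 0:
        return []  # line carries no evaluation history
    history = []
    for m in BLOCK_RE.finditer(line[start + len("HIS:"):]):
        rules = [(r["rule"], r["result"] == "true")
                 for r in RULE_RE.finditer(m["rules"])]
        history.append((m["block"], rules))
    return history


def failing_rule(line, block):
    """Name of the first rule that returned false in `block`, or None."""
    for name, rules in parse_history(line):
        if name == block:
            return next((rule for rule, ok in rules if not ok), None)
    return None  # block was never evaluated for this request


if __name__ == "__main__":
    for name, rules in parse_history(SAMPLE):
        rejected = [rule for rule, ok in rules if not ok]
        print(f"{name:20} rejected on: {', '.join(rejected) or '-'}")
```

For the line in the post, the `::CUSTOMER::` block is rejected on `ldap_authentication`, while the team blocks are rejected on `groups`.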