LDAP Configuration Troubleshoot

Finally it is working.

I had to edit the /usr/java/jdk1.8.0_172-amd64/jre/lib/security/java.policy file:

// Standard extensions get all permissions by default

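// Added by the post author (not part of the stock java.policy); the stock
// "Standard extensions" comment above describes the codeBase grant below.
// NOTE(review): a grant with no codeBase applies to every code source this
// JRE loads, not only the ReadonlyREST plugin, and "*" with "read,write" lets
// all of that code read and overwrite any system property (for example
// javax.net.ssl.trustStore). The plugin's own plugin-security.policy already
// carries this same permission; if the global entry is still required, prefer
// a codeBase-scoped grant or a list of the specific property names needed.
grant {
    permission java.util.PropertyPermission "*", "read,write";  // ADDED BY ME
};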

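// Everything loaded from the JRE extension directories is granted
// AllPermission, i.e. the security manager places no restriction on it.
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};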

// default permissions granted to all domains

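// This grant has no codeBase, so every entry in it applies to all code the
// JRE loads. Straight double quotes are required; the typographic quotes that
// the forum rendering introduced are not valid policy syntax.
grant {
    // Allows any thread to stop itself using the java.lang.Thread.stop()
    // method that takes no argument.
    // Note that this permission is granted by default only to remain
    // backwards compatible.
    // It is strongly recommended that you either remove this permission
    // from this policy file or further restrict it to code sources
    // that you specify, because Thread.stop() is potentially unsafe.
    // See the API specification of java.lang.Thread.stop() for more
    // information.
    permission java.lang.RuntimePermission "stopThread";

    // allows anyone to listen on dynamic ports
    permission java.net.SocketPermission "localhost:0", "listen";

    // ADDED BY ME: outbound connection to the LDAP server.
    // NOTE(review): placed here, the permission lets any code in the JVM
    // connect to 10.2.27.1:389, not just the plugin that performs the LDAP
    // lookup; a codeBase-scoped grant would be narrower.
    // NOTE(review): 389 is the plain-LDAP port. Unless the client upgrades the
    // session with StartTLS, bind credentials cross the network unencrypted --
    // confirm, or move to LDAPS and update the port in this entry.
    // NOTE(review): this file lives in a version-specific JDK directory, so
    // the edit will not be present in a newly installed JDK; re-check after
    // every Java upgrade.
    permission java.net.SocketPermission "10.2.27.1:389", "connect,resolve";

    // "standard" properties that can be read by anyone

    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";

    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";

    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";

};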

The /usr/share/elasticsearch/plugins/readonlyrest/plugin-security.policy file contains:

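// Permissions requested by the ReadonlyREST plugin's own policy file.
// NOTE(review): there is no SocketPermission for the LDAP server in this
// list, which is presumably why the connect permission was added to the
// JRE-wide java.policy instead -- confirm. Scoping that permission to the
// plugin would be narrower than granting it to all code.
grant {
    permission java.security.SecurityPermission "getProperty.ssl.KeyManagerFactory.algorithm";
    // Reflection access that bypasses Java language access checks.
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
    // Read and write access to every system property.
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "getClassLoader";
    // Read access to all files. The special token must be written exactly as
    // "<<ALL FILES>>"; with inner spaces it is treated as an ordinary path.
    permission java.io.FilePermission "<<ALL FILES>>", "read";
    permission java.lang.RuntimePermission "setContextClassLoader";
};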

Thanks to all.

Regards

Sean Camela