Hi,
We want to connect Kibana with LDAP. I have done some configuration but am getting the exception "impossible to add block to ACL". I need guidelines to set up LDAP connectivity. Below is my configuration.
readonlyrest:
  enable: true # optional, defaults=true if at least 1 "access_control_rules" block
  prompt_for_basic_auth: false
  ssl:
    enable: true
    keystore_file: "/opt/ElasticSearchKibana/elasticsearch-6.2.4/config/keystore.jks"
    keystore_pass: readonlyrest
    key_pass: readonlyrest
    key_alias: elk01 #This is needed only when the keystore has multiple entries
  access_control_rules:
  - name: "::LOGSTASH::"
    auth_key: logstash:logstash
    actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
    indices: ["logstash-*"]
  - name: "::KIBANA-SRV::"
    auth_key: kibana:kibana
  - name: "::ADMIN::"
    auth_key: admin:admin
    # KIBANA ADMIN ACCESS NEEDED TO EDIT SECURITY SETTINGS IN ROR KIBANA APP!
  - name: Accept requests from users in group team1 on index1
    ldap_auth:
      name: "ldap1" # ldap name from below 'ldaps' section
      groups: ["g1"] # group within 'ou=Groups,dc=example,dc=com'
    indices: ["index1"]
  ldaps:
  - name: ldap1
    host: "ad.crisil.com"
    port: 389 # optional, default 389
    ssl_enabled: false # optional, default true
    ssl_trust_all_certs: true # optional, default false
    bind_dn: "CN=c-ShubhamG,OU=Technology,OU=Corporate Technology,OU=Corporate Group,OU=Mumbai Crisil House,DC=ad,DC=crisil,DC=com" # optional, skip for anonymous bind
    bind_password: iSTEVEJOBS17/ # optional, skip for anonymous bind
    search_user_base_DN: "ou=ad,dc=crisil,dc=com"
    user_id_attribute: "uid" # optional, default "uid"
    search_groups_base_DN: "ou=ad,dc=crisil,dc=com"
    unique_member_attribute: "uniqueMember" # optional, default "uniqueMember"
    connection_pool_size: 10 # optional, default 30
    connection_timeout_in_sec: 10 # optional, default 1
    request_timeout_in_sec: 10 # optional, default 1
    cache_ttl_in_sec: 60 # optional, default 0 - cache disabled
Thanks,
Ajit