If we are using our configuration, then we are able to log in with any username and password.
This is my configuration file.
readonlyrest:
    prompt_for_basic_auth: false
    ssl:
      enable: true
      keystore_file: "/opt/ElasticSearchKibana/elasticsearch-6.2.4/config/keystore.jks"
      keystore_pass: readonlyrest
      key_pass: readonlyrest
      key_alias: elk01 # This is needed only when the keystore has multiple entries
    audit_collector: true
    access_control_rules:
    users:
    - username: c-ShubhamG
      groups: ["Technology"]
      ldap_authentication:
        name: ldap1
      indices: [".kibana","index1"]
    ldaps:
    - name: ldap1
      host: "ldap://ad.crisil.com:389"
      ssl_enabled: false
      ssl_trust_all_certs: true
      bind_dn: "CN=c-ShubhamG,OU=Technology,OU=Corporate Technology,OU=Corporate Group,OU=Mumbai Crisil House,DC=ad,DC=crisil,DC=com"
      bind_password: "May@2018"
      search_user_base_DN: "dc=ad,dc=crisil,dc=com"
But when we are using the configuration given by you, it throws an exception (‘ldap://ad.crisil.com:389’: UnknownHostException(message='ldap://ad.crisil.com:389:). Even so, this host is working fine in my X-Pack configuration.
The configuration file suggested by you is:
    - name: "BLOCK1: Kibana server"
      auth_key: "kibana:kibana"
    - name: "BLOCK2: Allow Technology group"
      groups: ["Technology"]
      indices: [".kibana", "index1"]
    # END OF ACL BLOCKS
    users:
    # BEGIN OF USERS
    - username: c-ShubhamG
      groups: ["Technology"]
      ldap_authentication:
        name: ldap1
    # END OF USERS
    ldaps:
Hi, @sscarduzio,
As told, I have configured readonlyrest.yml, but I am getting the exception "Could not login: Unauthorized (401)" while logging into Kibana. My authorisation is failing for the user I mentioned in the configuration. Please check once and reply as soon as possible. Below is my configuration.
Assuming your (one) LDAP group that users are located in is called “Technology”:
The groups you assign under users are what actually link to the ACL block that is supposed to be applied to that user.
The username should be the same as the one you're trying to log in with.
As far as I can tell, ldap_authentication only checks if that user exists on LDAP, but doesn't actually authorize that user -> probably why you get the authorization error message.
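A way to check a parsed readonlyrest.yml for the problems raised in this thread, as an added example that is not code from any poster or from the ReadonlyREST project. The function name `lint_ror`, the finding codes and the `example.com` sample values are constructed; the bare-hostname check is an assumption inferred from the UnknownHostException text quoted above, which shows the whole `ldap://…:389` string being resolved as a host name.

```python
import re

def lint_ror(cfg):
    """Return (code, detail) findings for a readonlyrest.yml already parsed into a dict."""
    ror = cfg.get("readonlyrest") or {}
    blocks = ror.get("access_control_rules") or []
    users = ror.get("users") or []
    ldaps = ror.get("ldaps") or []
    out = []
    if not blocks:  # no block ties any user or group to indices
        out.append(("NO_ACL_BLOCKS", "access_control_rules is empty"))
    block_groups = {g for b in blocks for g in b.get("groups", [])}
    user_groups = {g for u in users for g in u.get("groups", [])}
    out += [("GROUP_UNUSED", g) for g in sorted(user_groups - block_groups)]
    out += [("GROUP_UNDEFINED", g) for g in sorted(block_groups - user_groups)]
    names = {l.get("name") for l in ldaps}
    for u in users:  # every user must point at a declared LDAP connector
        la = u.get("ldap_authentication")
        ref = la.get("name") if isinstance(la, dict) else la
        if ref and ref not in names:
            out.append(("LDAP_REF_MISSING", ref))
    for l in ldaps:
        host = str(l.get("host", ""))
        if re.match(r"[a-z]+://", host, re.I) or re.search(r":\d+$", host):
            out.append(("HOST_NOT_BARE", host))  # scheme/port belong in other keys
        if l.get("ssl_enabled") is False:  # bind and user passwords cross the wire in clear
            out.append(("LDAP_CLEARTEXT", l.get("name")))
        if l.get("ssl_trust_all_certs"):  # server certificate is never validated
            out.append(("CERT_CHECK_OFF", l.get("name")))
    return out

# Constructed samples shaped like the two configurations in the thread.
USERS = [{"username": "user1", "groups": ["Technology"],
          "ldap_authentication": {"name": "ldap1"}}]
FIRST = {"readonlyrest": {"access_control_rules": None, "users": USERS,
         "ldaps": [{"name": "ldap1", "host": "ldap://ad.example.com:389",
                    "ssl_enabled": False, "ssl_trust_all_certs": True}]}}
FIXED = {"readonlyrest": {"access_control_rules": [
             {"name": "BLOCK1: Kibana server", "auth_key": "kibana:kibana"},
             {"name": "BLOCK2: Allow Technology group", "groups": ["Technology"],
              "indices": [".kibana", "index1"]}],
         "users": USERS,
         "ldaps": [{"name": "ldap1", "host": "ad.example.com", "port": 636,
                    "ssl_enabled": True, "ssl_trust_all_certs": False}]}}

if __name__ == "__main__":
    for code, detail in lint_ror(FIRST):
        print(code, detail)
```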