LDAP getting user operation failed

Hi everyone, we have a two nodes cluster in our test environment. ES 7.17, using kibana plugin. I just received an email with similar massage to that of Chris H. But our cluster is up and running just fine. Not sure why the error. any idea on what what caused it and or what to do to avoid any potential issues. thanks.
This is the related log from ES logs:
[2022-05-31T02:43:19,005][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [ol-tees-01] LDAP getting user operation failed.
[2022-05-31T02:43:19,001][ERROR][t.b.r.a.b.Block ] [ol-tees-01] KibanaAdmin: ldap_authentication rule matching got an error Task [email protected] rejected from [email protected][Running, pool size = 50, active threads = 40, queued tasks = 0, completed tasks = 242893786]
java.util.concurrent.RejectedExecutionException: Task [email protected] rejected from [email protected][Running, pool size = 50, active threads = 40, queued tasks = 0, completed tasks = 242893786]
at java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(ThreadPoolExecutor.java:2065) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.reject(ThreadPoolExecutor.java:833) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1365) ~[?:?]

This is the massage from the email alert:

[2022-05-31T02:43:18,224][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [ol-tees-01] LDAP getting user operation failed.

[2022-05-31T02:43:18,224][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [ol-tees-01] LDAP getting user operation failed.
[2022-05-31T02:43:18,243][ERROR][t.b.r.a.b.Block ] [ol-tees-01] KibanaAdmin: ldap_authentication rule matching got an error Task [email protected] rejected from [email protected][Running, pool size = 50, active threads = 33, queued tasks = 0, completed tasks = 242893370]
[2022-05-31T02:43:18,243][ERROR][t.b.r.a.b.Block ] [ol-tees-01] ROUsers: ldap_authentication rule matching got an error Task [email protected] rejected from

Reply

could you please enable debug logs and show us the logs with the whole stacktrace?

Hi CoutoPL Thank you. I am not quite sure how to do that, but I saw this post:How to set up logging level in Elasticsearch? - Stack Overflow will try those and see what I get.

A cool way to enable debug logs selectively is to append to /etc/elasticsearch/log4j2.properties the following lines:

rootLogger.level = warn
logger.ror.name = tech.beshu.ror.accesscontrol.blocks.definitions.ldap
logger.ror.level = debug

please see the Step 2: enable debug logs section in the link I sent in my previous post (or use the Simone’s hint if you wish)

Hi Mateusz and Simone, I enabled the Debug logs as recommended. this is some logs which I got from Kibana:
ML, like Gecko) Chrome/102.0.0.0 Safari/537.36",“referer”: /api/monitoring/v1/alert/1E5TxAlkTRKFtONj3MBH1g/status 200 225ms - 2.0B"}
{“type”:“response”,"@timestamp":“2022-06-21T09:01:26-07:00”,“tags”:[],“pid”:83909,“method”:“post”,“statusCode”:200,“req”:{“url”:"/api/monitoring/v1/clusters/1E5TxAlkTRKFtONj3MBH1g",“method”:“post”,“headers”:{“host”:“ph-tees-01.shp.cloud:5601”,“kbn-version”:“7.17.0”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36”,“content-type”:“application/json”,“accept”:"/ “,“origin”: deflate”,“accept-language”:“en-US,en;q=0.9”,“connection”:“close”,“x-ror-pkp-kibana-token”:“zchqy7cuarg6w65ql20utlpafnwjbr”,“content-length”:“101”,“accept-charset”:“utf-8”},“remoteAddress”:“127.0.0.1”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36”,“referer”/api/monitoring/v1/clusters/1E5TxAlkTRKFtONj3MBH1g 200 518ms - 1.2KB"}
{“type”:“response”,"@timestamp":“2022-06-21T09:01:26-07:00”,“tags”:[],“pid”:83909,“method”:“post”,“statusCode”:200,“req”:{“url”:"/api/monitoring/v1/alert/1E5TxAlkTRKFtONj3MBH1g/status",“method”:“post”,“headers”:{“host”:“ph-tees-01.shp.cloud:5601”,“kbn-version”:“7.17.0”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36”,“content-type”:“application/json”,“accept”:"/ “,“origin”:, deflate”,“accept-language”:“en-US,en;q=0.9”,“connection”:“close”,“x-ror-pkp-kibana-token”:“zchqy7cuarg6w65ql20utlpafnwjbr”,“content-length”:“55”,“accept-charset”:“utf-8”},“remoteAddress”:“127.0.0.1”,“userAgent”:"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT

but I see no ERROR in this log. And it looks weird - is this ES log?

It’s Kibana logs, not ES logs. The log4j2.properties snippet is for Elasticsearch, so please grep ldap in Elasticsearch logs and show us.

Thanks for your response Simone.
Here is what was captured:
[2022-06-28T08:05:56,050][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [p-prESi-01] LDAP authenticate operation failed - cause [80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
[2022-06-28T08:05:56,050][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [p-prESi-01] LDAP authenticate operation failed - cause [80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
[2022-06-28T08:05:56,050][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [p-prESi-01] LDAP authenticate operation failed - cause [80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
[2022-06-28T08:05:56,050][ERROR][t.b.r.a.b.d.l.i.UnboundidLdapAuthenticationService] [p-prESi-01] LDAP authenticate operation failed - cause [80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]

It looks like this:

Screenshot 2022-06-29 at 18.01.16960×73 12.8 KB

See: ldap wiki error codes

Take a look at LDAP connector section in our docs. IMO your LDAP binding configuration is wrong.