LDAP ROR configuration

miroslavkardos · January 24, 2024, 11:00am

Hello,
Can someone help me? I have LDAP configured but login is not working.
This is my conf file of ROR in Kibana :

Groups

- name: admin
  type: allow
  groups: [ "admin" ]
  #indices: [ "*" ]
  kibana_access: unrestricted

### ADMINS ###
users:
- username: admin.forename
  groups: [ "admin" ]
  ldap_authentication:
    name: "ldap_name"


###### Connectors ######

ldaps:

- name: ldap_name
  hosts:
  - "ldaps://xxxxxx:636"
  ha: "FAILOVER"
  port: 636
  ssl_enabled: true
  ssl_trust_all_certs: true
  bind_dn: 'Domain\Name'
  bind_password: 'xxxx'
  search_user_base_DN: "dc=,dc="
  search_groups_base_DN: "dc=,dc="
  user_id_attribute: "sAMAccountName"
  unique_member_attribute: "member"
  connection_pool_size: 10
  connection_timeout_in_sec: 10
  request_timeout_in_sec: 10
  cache_ttl_in_sec: 60
  group_search_filter: "(objectClass=group)"
  group_name_attribute: "cn"

Error Message when i try login with LDAP credentials:
Could not login
Upgrade to ReadonlyREST Enterprise to use “kibana_index” rule

coutoPL · January 24, 2024, 4:24pm

Hi @miroslavkardos

could you please let us know what ES, KBN, and ROR versions you use?

miroslavkardos · January 25, 2024, 6:38am

Hello, I am using ROR version pro-readonlyrest_kbn_pro-1.26.1_es7.5.2.zip on Kibana And readonlyrest-1.54.0_es7.5.2.zip on my ES Master nodes , Kibana and ES are on version 7.5.2.

miroslavkardos · January 25, 2024, 7:54am

Hello,

Update : i reinstalled ES RoR plugin and Kibana RoR Plugin : readonlyrest_kbn_pro-1.54.0_es7.5.2.zip , readonlyrest-1.54.0_es7.5.2.zip for version 7.5.2 and everything works.

coutoPL · January 25, 2024, 6:20pm

Yeah. this is what I thought, because I remember we’ve already fixed the issue like yours.
BTW, please make sure you always have the same versions of the ROR plugin on the KBN and the ES side. We don’t guarantee two different versions will work well with each other.