There must be something else above that.
BTW That stack trace is not pathologic, it’s just shown by ROR in debug mode in case no block has matched (I know, it’s just ugly).
Consider my experiment:
curl -k -ucartman:user2 'https://localhost:9200'
[2018-11-13T13:12:36,906][DEBUG][t.b.r.a.b.r.i.LdapAuthenticationAsyncRule] Attempting Login as: cartman rc: { ID:589822737-529412023#84, TYP:MainRequest, CGR:N/A, USR:cartman(?), BRS:true, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:0:0:0:0:0:0:0:1, IDX:<N/A>, MET:GET, PTH:/, CNT:<N/A>, HDR:{Accept=*/*, Authorization=Basic Y2FydG1hbjp1c2VyMg==, content-length=0, Host=localhost:9200, User-Agent=curl/7.54.0}, HIS:[Kibana->[auth_key->false]] }
[2018-11-13T13:12:36,906][DEBUG][t.b.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] Trying to authenticate user [cartman] with LDAP [ldap1]
[2018-11-13T13:12:36,908][DEBUG][t.b.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] User [cartman] authenticated by LDAP [ldap1]
[2018-11-13T13:12:36,909][DEBUG][t.b.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] Trying to fetch user with identifier [cartman] from LDAP [ldap1]
[2018-11-13T13:12:36,911][DEBUG][t.b.r.a.d.l.l.AuthenticationLdapClientLoggingDecorator] User with identifier [cartman] found [dn = cn=Eric Cartman,ou=People,dc=example,dc=com]
[2018-11-13T13:12:36,912][DEBUG][t.b.r.a.d.l.l.GroupsProviderLdapClientLoggingDecorator] Trying to fetch user [id=cartman, dncn=Eric Cartman,ou=People,dc=example,dc=com] groups from LDAP [ldap1]
[2018-11-13T13:12:36,914][DEBUG][t.b.r.a.d.l.l.GroupsProviderLdapClientLoggingDecorator] LDAP [ldap1] returned for user [cartman] following groups: [group3, groupAll, group1]
[2018-11-13T13:12:36,916][DEBUG][t.b.r.a.b.Block ] matched { name: '::g1::', policy: ALLOW, rules: [kibana_index, ldap_auth]}
[2018-11-13T13:12:36,926][INFO ][t.b.r.a.ACL ] ALLOWED by { name: '::g1::', policy: ALLOW, rules: [kibana_index, ldap_auth]} req={ ID:589822737-529412023#84, TYP:MainRequest, CGR:N/A, USR:cartman, BRS:true, KDX:.kibana_group1, ACT:cluster:monitor/main, OA:127.0.0.1, DA:0:0:0:0:0:0:0:1, IDX:<N/A>, MET:GET, PTH:/, CNT:<N/A>, HDR:{Accept=*/*, Authorization=Basic Y2FydG1hbjp1c2VyMg==, content-length=0, Host=localhost:9200, User-Agent=curl/7.54.0}, HIS:[Kibana->[auth_key->false]], [::g1::->[ldap_authorization->true, kibana_index->true]] }
Can you see how much information I get from the LDAP connector?
User with identifier [cartman] found [dn = cn=Eric Cartman,ou=People,dc=example,dc=com]
...
Trying to fetch user [id=cartman, dncn=Eric Cartman,ou=People,dc=example,dc=com] groups from LDAP [ldap1]
...
LDAP [ldap1] returned for user [cartman] following groups: [group3, groupAll, group1]
...
This stuff is very helpful