LDAP server was reachable.
Looks like my fault, i was experimenting earlier with my script when it wasn’t working
ssl_enabled: true
i changed it to false and now it is adding ACL
[2018-11-08T15:38:51,862][INFO ][t.b.r.r.SerializationTool] no custom audit log serialisers found, proceeding with default.
[2018-11-08T15:38:52,535][INFO ][t.b.r.a.ACL ] ADDING BLOCK: { name: 'Accept requests from users in group team', policy: ALLOW, rules: [ldap_auth, indices]}
[2018-11-08T15:38:52,536][INFO ][t.b.r.a.ACL ] ADDING BLOCK: { name: '::LOGSTASH::', policy: ALLOW, rules: [auth_key, actions, indices]}
However, still getting forbidden and below error:
[2018-11-08T16:36:35,211][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:1265684447-432166845#75, TYP:GetRequest, CGR:N/A, USR:[n o basic auth header], BRS:false, KDX:null, ACT:indices:data/read/get, OA:172.******, DA:172.*********, IDX:.kibana, MET:GET, PTH:/.kibana/doc/confi g%3A6.4.2, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=readlogs.***********:9200}, HIS:[Accept requests from users in group tea m->[ldap_authentication->false]], [::LOGSTASH::->[auth_key->false]] }
[2018-11-08T16:36:35,213][DEBUG][t.b.r.a.ACL ] checking request:1478575496-367159140#78
[2018-11-08T16:36:35,213][DEBUG][t.b.r.a.b.r.i.LdapAuthenticationAsyncRule] Basic auth header not present!
[2018-11-08T16:36:35,213][DEBUG][t.b.r.a.b.Block ] [Accept requests from users in group team] the request matches no rules in this block: { ID:1478575496-367159140#78, TYP:MonitoringBulkRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:admin/xpack/monito ring/bulk, OA:172.**********, DA:172.*********, IDX:<N/A>, MET:POST, PTH:/_xpack/monitoring/_bulk?system_id=kibana&system_api_version=6&interval=10000m s, CNT:{"index":{"_type":"kibana_stats"}}
{"kibana":{"uuid":"**********************","name":"Kibana","index":".kibana","host":"172.************","transport_address":"172.********:5 601","version":"6.4.2","snapshot":false,"status":"red"},"cloud":{"name":"aws","id":"i-07e48300424f85c1b","vm_type":"m4.large","region":"us-east-1" ,"zone":"us-east-1a","metadata":{"marketplaceProductCodes":null,"pendingTime":"2018-11-07T19:13:10Z","version":"2017-09-30","kernelId":null,"ramdi skId":null,"architecture":"x86_64","imageId":"ami-0ac019f4fcb7cb7e6"}}}
, HDR:{Connection=keep-alive, Content-Length=545, content-type=application/x-ndjson, Host=readlogs.********:9200}, HIS:[Accept requests from u sers in group team->[ldap_authentication->false]] }
[2018-11-08T16:36:35,213][DEBUG][t.b.r.a.b.r.i.AuthKeySyncRule] Basic auth header or auth key not present!
[2018-11-08T16:36:35,213][DEBUG][t.b.r.a.b.Block ] [::LOGSTASH::] the request matches no rules in this block: { ID:1478575496-367159140#7 8, TYP:MonitoringBulkRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:172.********, D A:172., IDX:<N/A>, MET:POST, PTH:/_xpack/monitoring/_bulk?system_id=kibana&system_api_version=6&interval=10000ms, CNT:{"index":{"_type":"ki bana_stats"}}
{"kibana":{"uuid":"************************","name":"Kibana","index":".kibana","host":"172.*********","transport_address":"172.********:5 601","version":"6.4.2","snapshot":false,"status":"red"},"cloud":{"name":"aws","id":"i-07e48300424f85c1b","vm_type":"m4.large","region":"us-east-1" ,"zone":"us-east-1a","metadata":{"marketplaceProductCodes":null,"pendingTime":"2018-11-07T19:13:10Z","version":"2017-09-30","kernelId":null,"ramdi skId":null,"architecture":"x86_64","imageId":"ami-0ac019f4fcb7cb7e6"}}}
, HDR:{Connection=keep-alive, Content-Length=545, content-type=application/x-ndjson, Host=readlogs.**********:9200}, HIS:[Accept requests from u sers in group team->[ldap_authentication->false]], [::LOGSTASH::->[auth_key->false]] }
[2018-11-08T16:36:35,201][DEBUG][r.suppressed ] path: /_xpack/monitoring/_bulk, params: {system_id=kibana, system_api_version=6, inter val=10000ms}
tech.beshu.ror.es.IndexLevelActionFilter$1$1: forbidden
at tech.beshu.ror.es.IndexLevelActionFilter$1.onForbidden(IndexLevelActionFilter.java:163) ~[?:?]
[2018-11-08T16:23:41,036][DEBUG][i.n.u.NetUtil ] Failed to get SOMAXCONN from sysctl and file /proc/sys/net/core/somaxconn. De fault: 128
java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/sys/net/core/somaxconn" "read")