Hello,
we are trying to get LDAP authentication for Kibana.
Now I came across Readonlyrest, with its basic version this should be possible.
In my research it was described that the Kibana Readonly plugin and on the ElasticSearch servers the ElasticSearch Readonly plugin should be installed.
Now the following question arises for me.
I just want to get LDAP Authentication working for Kibana.
Do I still need to install the ElasticSearch plugins on all ElasticSearch servers, or is it enough in ElasticStack to just install the Kibana plugin on the Kibana node?
Here is my Kibana.yml so far. Is there anything else that needs to be customized for this?
Hello @Frankdetank,
Yes you need both plugins to be installed at all times. You can download them in our download page autonomously.
You will need to install ROR in Elasticsearch and add the readonlyrest.yml file in the same directory with elasticsearch.yml.
The file will contain your ACL. Don’t forget to:
add an ACL block with static credentials for Kibana. For example:
Remember to disable xpack security from both Elasticsearch and Kibana, by adding this line to both kibana.yml and elasticsearch.yml
xpack.security.enabled: false
Now add the external connector (LDAP) definition to the readonlyrest.yml. You can find an example in the docs. And the corresponding ACL block that exercises it.
If you have problems coming up with the right LDAP search strings, help yourself with verbose logging by putting Elasticsearch rootLogger in debug mode.