Unable to Integrate ElasticSearch with LDAP

I am having difficulty in integrating LDAP with ElasticSearch. My readonlyrest.yml looks like below:

```yaml
readonlyrest:
  access_control_rules:

    - name: LDAP Authentication
      type: allow
      ldap_auth:
        name: "ldap1"
        groups: ["CN=*"]
      indices: ["*"]

  ssl:
    enable: true
    keystore_file: "/var/elasticsearch/elasticsearch-6.6.1/config/VW527967_ds_dev_accenture_com.pfx"
    keystore_pass: password
    key_pass: password

  ldaps:

    - name: ldap1
      host: "ldap.deu.adt.accenture.com"
      port: 389
      ssl_enabled: false
      bind_dn: "A02957DIRNCLM_REPT@dir.svc.accenture.com"
      bind_password: "password"
      search_user_base_DN: "CN=r.ullas.baliga,OU=People,DC=dir,DC=svc,DC=accenture,DC=com"
      user_id_attribute: "uid"
      search_groups_base_DN: "CN=adtbitbucket001.dev.admin,OU=Groups,dc=dir,dc=svc,dc=accenture,dc=com"
      unique_member_attribute: "uniqueMember"
      connection_pool_size: 10
      connection_timeout_in_sec: 10
      request_timeout_in_sec: 10
      cache_ttl_in_sec: 60
      group_search_filter: "(objectClass=*)"
      group_name_attribute: "cn"
```

In the logs I get the below error:

```
[2020-02-12T12:25:43,559][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [uuCSvE6] FORBIDDEN by default req={ ID:2016284649-1753224073#136, TYP:MainRequest, CGR:N/A, USR:r.ullas.baliga (attempted), BRS:true, KDX:null, ACT:cluster:monitor/main, OA:10.140.16.120/32, XFF:null, DA:10.140.16.120/32, IDX:<N/A>, MET:GET, PTH:/, CNT:<N/A>, HDR:Accept=*/*, Authorization=<OMITTED>, Host=VW527967.ds.dev.accenture.com:9200, User-Agent=curl/7.29.0, content-length=0, HIS:[LDAP Authentication-> RULES:[ldap_auth->false]] }
```

Can someone please tell me if the configuration I am doing is incorrect?

When I do an LDAP search from the Linux machine, the results look fine:

```
ldapsearch -x -D "A02957DIRNCLM_REPT@dir.svc.accenture.com" -W -p 389 -h ldap.deu.adt.accenture.com -b "CN=adtbitbucket001.dev.admin,OU=Groups,DC=dir,DC=svc,DC=accenture,DC=com" -s sub "(objectclass=*)"
```

Hi @sscarduzio,

Can you please help me with this?

Thanks
Ram

Please configure the debug log level in the log4j file and you will find more logs related to LDAP.

Thanks! I was able to resolve this already. I set the below attribute and it worked!

```yaml
user_id_attribute: "sAMAccountName"
```
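Added example (not from the thread or the ReadonlyREST project): a stdlib-only Python simulation of the user-then-group lookup an `ldap_auth` rule has to perform, run against a constructed AD-style directory built from the DNs in the config above. The directory contents and the lookup shape are assumptions; what it shows is why `uid` produces no user match (Active Directory user objects expose `sAMAccountName`, not `uid`), so the rule evaluates to false exactly as the log reports.

```python
# Constructed AD-style directory (not a live server); DNs come from the thread's
# config. AD user objects carry sAMAccountName, not the inetOrgPerson attribute
# uid, which is the reason the original lookup found nothing.
DIRECTORY = {
    "CN=r.ullas.baliga,OU=People,DC=dir,DC=svc,DC=accenture,DC=com": {
        "objectClass": ["user"],
        "cn": ["r.ullas.baliga"],
        "sAMAccountName": ["r.ullas.baliga"],
    },
    # The config relies on uniqueMember; real AD groups usually list members
    # in "member" instead, so verify which attribute your directory populates.
    "CN=adtbitbucket001.dev.admin,OU=Groups,DC=dir,DC=svc,DC=accenture,DC=com": {
        "objectClass": ["group"],
        "cn": ["adtbitbucket001.dev.admin"],
        "uniqueMember": ["CN=r.ullas.baliga,OU=People,DC=dir,DC=svc,DC=accenture,DC=com"],
    },
}
USER_BASE = "CN=r.ullas.baliga,OU=People,DC=dir,DC=svc,DC=accenture,DC=com"
GROUPS_BASE = "CN=adtbitbucket001.dev.admin,OU=Groups,dc=dir,dc=svc,dc=accenture,dc=com"

def _in_subtree(dn, base_dn):
    """Subtree scope: the base entry itself plus everything beneath it (DNs compare case-insensitively)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)

def _matches(entry, attribute, value):
    """Attribute names are case-insensitive in LDAP; values are compared as AD does, ignoring case."""
    for name, values in entry.items():
        if name.lower() == attribute.lower():
            return any(v.lower() == value.lower() for v in values)
    return False

def search(directory, base_dn, attribute, value):
    """Equivalent of: ldapsearch -b <base_dn> -s sub "(<attribute>=<value>)"; returns matching DNs."""
    return [dn for dn, entry in directory.items()
            if _in_subtree(dn, base_dn) and _matches(entry, attribute, value)]

def ldap_auth(directory, login, user_id_attribute, unique_member_attribute="uniqueMember"):
    """Assumed shape of the rule: resolve the user DN, then the groups listing it; None means rule false."""
    user_dns = search(directory, USER_BASE, user_id_attribute, login)
    if len(user_dns) != 1:
        return None  # no (or ambiguous) user entry: ldap_auth->false, request FORBIDDEN
    groups = search(directory, GROUPS_BASE, unique_member_attribute, user_dns[0])
    return {"dn": user_dns[0], "groups": [directory[g]["cn"][0] for g in groups]}

if __name__ == "__main__":
    for attr in ("uid", "sAMAccountName"):
        print(f"user_id_attribute={attr!r} -> {ldap_auth(DIRECTORY, 'r.ullas.baliga', attr)}")
```

Note that `search_user_base_DN` in the config points at one user's DN rather than its OU; subtree scope still includes the base entry itself, so that single user resolves, but nobody else in `OU=People` would.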
