Not able to authenticate with ldap #907
Comments
@shaikabdulm: Looks like the security plugin is disabled on your OpenSearch Dashboards node. If you enable the plugin with LDAP, does it still throw an error?
My opensearch_dashboard.yml config is as below #opensearch.hosts: ["http://localhost:9200"] I have tried every possible setting by enabling and disabling. Is there anything to set other than in opensearch.yml and opensearch_dashboard.yml?
@shaikabdulm the basic auth also needs to be enabled for OpenSearch Dashboards to be able to connect with the username and password you provided in opensearch_dashboards.yml file:
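An added example, not part of the comment above or of the project's own documentation: one way the `authc` section of the security `config.yml` can combine an internal basic-auth domain with the LDAP domain from this issue. The domain name `basic_internal_auth_domain` and the assumption that the Dashboards server account is an internal user (such as the demo `kibanaserver`) are illustrative; the LDAP values are copied from the issue.

```yaml
# Added example: authc section of opensearch-security/config.yml only.
config:
  dynamic:
    authc:
      # Internal user database, evaluated first (order: 0).
      # Assumption: the account set as opensearch.username / opensearch.password
      # in opensearch_dashboards.yml is an internal user (for example the demo
      # "kibanaserver"), so it must authenticate here rather than against AD.
      basic_internal_auth_domain:
        order: 0
        description: "Authenticate against the internal users database"
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: basic
          # No challenge: a request without credentials is passed on to the
          # next domain instead of being answered with a 401 by this one.
          challenge: false
        authentication_backend:
          type: intern
      # LDAP/AD domain as posted in the issue; only the comments are new.
      ldap:
        order: 1
        description: "Authenticate using LDAP"
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: ldap
          config:
            # Plain LDAP on port 389: the bind password and user passwords
            # cross the network unencrypted with these settings.
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: false
            hosts:
              - my-AD-server1:389
              - my-AD-server2:389
            bind_dn: 'cn=admin,dc=mydomain,dc=com'
            password: 'secret'
            userbase: 'ou=Persons,dc=mydomain,dc=com'
            usersearch: '(sAMAccountName={0})'
            username_attribute: uid
```

On a cluster whose security index already exists, an edited `config.yml` takes effect only after it is loaded into that index, for example with `securityadmin.sh`.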
* adding basic_auth config to ldap #907 Signed-off-by: AntonEliatra <[email protected]> * Update ldap.md Signed-off-by: AntonEliatra <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: AntonEliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]>
* adding basic_auth config to ldap #907 Signed-off-by: AntonEliatra <[email protected]> * Update ldap.md Signed-off-by: AntonEliatra <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: AntonEliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> (cherry picked from commit a7f316f) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Tried deploying the opensearch cluster with docker-compose and tried to add my own AD credentials.
tags":["error","plugins","securityDashboards"],"pid":1,"message":"Failed authentication: Error: Authentication Exception"}
My security config yaml is configured as follows with AD integration:
```yaml
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
    authc:
      ldap:
        order: 1
        description: "Authenticate using LDAP"
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: ldap
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: false
            hosts:
              - my-AD-server1:389
              - my-AD-server2:389
            bind_dn: 'cn=admin,dc=mydomain,dc=com'
            password: 'secret'
            userbase: 'ou=Persons,dc=mydomain,dc=com'
            usersearch: '(sAMAccountName={0})'
            #usersearch: "(cn={0})"
            username_attribute: uid
            connect_timeout: 5000
            response_timeout: 0
```
docker-compose.yml
```yaml
version: '3'
services:
  opensearch-node1:
    #image: opensearchproject/opensearch:2.0.0
    image: opensearch:v1
    container_name: opensearch-node1
    environment:
      #- JAVA_HOME=/usr/share/opensearch/jdk
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node1
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      #- plugins.security.disabled=true
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
        hard: 65536
    volumes:
      - /mnt/opensearch-data1:/usr/share/opensearch/data
      - ./config.yml:/usr/share/opensearch/config/opensearch-security/config.yml
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    networks:
      - opensearch-net
  opensearch-node2:
    #image: opensearchproject/opensearch:2.0.0
    image: opensearch:v1
    container_name: opensearch-node2
    environment:
      #- JAVA_HOME=/usr/share/opensearch/jdk
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node2
      #- plugins.security.disabled=true
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/opensearch-data2:/usr/share/opensearch/data
      - ./config.yml:/usr/share/opensearch/config/opensearch-security/config.yml
    networks:
      - opensearch-net
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:2.0.0
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      - 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # must be a string with no spaces when specified as an environment variable
      #- "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true"
    networks:
      - opensearch-net
networks:
  opensearch-net:
```