Error: Empty file path for opendistro_security.ssl.transport.truststore_filepath

Hello,

I cannot get the LDAP connection to work. When I start the Elasticsearch service, the following entry is in the log:
[2019-05-22T10:15:09,703][WARN ][c.a.d.a.l.b.LDAPAuthorizationBackend] [QOMiEqc] Unable to connect to ldapserver gtm-pureldap.mydomain.info:636 due to ElasticsearchException[Empty file path for opendistro_security.ssl.transport.truststore_filepath]. Try next.

I did the following configuration in the

  • elasticsearch.yml:

# WARNING: revise all the lines below before you go into production

opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/opendistro-test-all-fra11-1.crt
opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/opendistro-test-all-fra11-1-pkcs8.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/ca_chain.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/opendistro-test-all-fra11-1.crt
opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/opendistro-test-all-fra11-1-pkcs8.key
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/ca_chain.pem
#opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
opendistro_security.nodes_dn:
  - "CN=opendistro-test-
opendistro_security.authcz.admin_dn:
  - "CN=admin,OU=MYUNIT,O=MYORG,L=DUS,ST=NRW,C=DE"

  • config.yml:

    my_ldap:
      enabled: true
      order: 1
      http_authenticator:
        type: basic
        challenge: true
      authentication_backend:
        type: ldap
        config:
          enable_ssl: true
          enable_start_tls: false
          enable_ssl_client_auth: false
          verify_hostnames: false
          pemtrustedcas_filepath: /etc/elasticsearch/ca_chain.pem
          hosts:
            - gtm-pureldap.mydomain.info:636
          bind_dn: cn=elastic,OU=serviceAccounts,OU=Elastic,OU=applicationManagement,DC=metrogroup,DC=net
          password: ********
          userbase: 'DC=metrogroup,DC=net'
          usersearch: 'cn={0}'
          username_attribute: uid

I additionally added the line:
pemtrustedcas_filepath: /etc/elasticsearch/ca_chain.pem
But without success.

The cluster works with all nodes! Elasticsearch REST API works with internal user/pw admin/admin.

We have other clusters with X-Pack running where we use LDAP connection. Our x-pack configuration is:

xpack:
  security:
    authc:
      realms:
        native1:
          type: native
          order: 0
        ldap1:
          type: ldap
          order: 1
          url: "ldaps://gtm-pureldap.mydomain.info:636"
          ssl:
            certificate_authorities: [ "/etc/elasticsearch/x-pack/ca_chain.pem" ]
          bind_dn: "cn=elastic,OU=serviceAccounts,OU=Elastic,OU=applicationManagement,DC=metrogroup,DC=net"
          bind_password: **************
          user_search:
            base_dn: "DC=metrogroup,DC=net"
            filter: cn={0}
          group_search:
            base_dn: "DC=metrogroup,DC=net"
          files:
            role_mapping: "/etc/elasticsearch/x-pack/role_mapping.yml"
          unmapped_groups_as_roles: false

Can somebody help?

Many thanx in advance!

Martin

Any news? Has anybody got the LDAP connection to work?