LDAP for OpenDistro ES NOT WORKING!

I have been through a lot of documents to have LDAP auth for Open Distro, but I cannot get my LDAP auth working. Can someone please give a step-by-step process for how I can make LDAP work with Open Distro?

Yes, I have tried Amazon’s https://aws.amazon.com/blogs/opensource/ldap-integration-for-open-distro-for-elasticsearch/ but it lacks a lot of information and has not been useful for me.

Can anyone please explain step by step how I can set everything?

Thank you in advance.

Hi, in my case it works only when I specify the full name of the service user.
bind_dn: cn=firstname lastname,ou=country,dc=domain,dc=com

Is there anything else I need to set? Because I am getting the error “Authentication finally failed for user x”. Looks like it’s not connecting to my LDAP at all. Is there any test that I can perform in order to at least see if my LDAP connection works?

First of all, check network access between your server and LDAP (port 389 by default). Then look in the Kibana logs for a detailed LDAP error. Also, there is a utility in Linux named ldapwhoami; if you pass the correct parameters, like bind DN/password and server/port, you can check an LDAP connection and a basic search for this DN. Then you can use the utility ldapsearch to actually search for the user. If it works fine, then Kibana LDAP should also work fine.
Consult your admins for correct LDAP Directory search and param for user login (e.g. sAMAccountName).

Based on my experience, LDAP Auth works fine. Also, can you post some logs with errors and config (without passwords)?

Hi, thanks for the response. Can you please give me an example of how I can check the LDAP connection from the command line?

I found that if I set enabled: true in 1.0, it will not work at all! In the previous version I used it in my configuration, but in 1.0 I commented it out, and then it started working.

      ldap:
        description: "Authenticate via LDAP or Active Directory"
        # enabled: true
        order: 2
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: ldap
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
            - 192.168.0.1:389
            bind_dn: cn=user,ou=country,dc=domain,dc=com
            password: pass
            userbase: 'dc=domain,dc=com'
            usersearch: '(sAMAccountName={0})'
            username_attribute: cn
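
The command-line check suggested earlier in the thread (ldapwhoami for the bind, then ldapsearch for the user), written out as an added example that is not part of any post here. It reuses the placeholder hosts, bind_dn, userbase and usersearch values from the configuration above; the function names are hypothetical, and it assumes the OpenLDAP client tools are installed.

```shell
#!/bin/sh
# Added example (not from the thread). Values are the placeholders from the
# posted config: hosts, bind_dn, userbase, usersearch.
LDAP_URI="ldap://192.168.0.1:389"   # enable_ssl/enable_start_tls are false there
BIND_DN="cn=user,ou=country,dc=domain,dc=com"
USERBASE="dc=domain,dc=com"
USERSEARCH="(sAMAccountName={0})"

# Escape a login name for use as a filter value (RFC 4515), so characters
# such as * ( ) \ are matched literally instead of changing the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Put the escaped login name where usersearch has its {0} placeholder.
build_filter() {
  prefix=${USERSEARCH%%'{0}'*}
  suffix=${USERSEARCH#*'{0}'}
  printf '%s%s%s' "$prefix" "$(ldap_escape "$1")" "$suffix"
}

# Run both checks; each command prompts for the bind password (-W).
check_ldap() {
  # 1. Network reachability plus a simple bind as the service account.
  ldapwhoami -x -H "$LDAP_URI" -D "$BIND_DN" -W || return 1
  # 2. Look the user up with userbase/usersearch; a working setup
  #    should return that user's entry.
  ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W \
             -b "$USERBASE" "$(build_filter "$1")" dn cn
}

# Usage: sh ldapcheck.sh run <login>
if [ "${1:-}" = "run" ]; then
  check_ldap "${2:?login name required}"
fi
```

If ldapwhoami fails here, the problem is the network path or the bind_dn/password rather than the security plugin configuration.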

It’s the same error I’m getting D:
Could you solve it?

I had the same problem and I solved it by changing my config.yml this way:

      authc:
        ldap:
          description: "Authenticate via LDAP or Active Directory"
          http_enabled: true
          transport_enabled: true
          order: 1

Were you able to get SSL working with LDAP?

This question was not about SSL over LDAP, but I have gotten LDAP-S working for authentication and authorization. I am still working on access to Kibana with an LDAP user, but I may be able to help. If you haven’t yet, you may want to post a question specifically about LDAP-S if that’s what you need help with.

Hey, sorry for hijacking the thread earlier. Yes, I have got it working now. Thanks anyways. Cheers.

@kiowajoe I’m having trouble configuring LDAPS. Could you please help me? Thanks.
Configuration for LDAPS