LDAP for OpenDistro ES NOT WORKING!

I have been through a lot of documents to have LDAP auth for open distro but I can not get my LDAP auth working. Can someone please give step by step process of how can I make LDAP work with open distro.

Yes I have tried Amazon’s https://aws.amazon.com/blogs/opensource/ldap-integration-for-open-distro-for-elasticsearch/ but it lacks a lot of information and not been useful for me.

Can anyone please explain step by step how can I set everything?

Thank you in advance.

hi, in my case it works only, when i specify full name of service user.
bind_dn: cn=firstname lastname,ou=country,dc=domain,dc=com

Is there anything else I need to set? Because I am getting error “Authentication finally failed for user x”. Looks like it’s not connecting to my LDAP at all. Is there any test that I can perform in order to at least see if my LDAP connection works?

first of all, check network access between your server and LDAP (389 port as default). Then lookup in Kibana logs for detailed LDAP error. Also, there is utility in Linux named ldapwhoami, if you pass the correct parameters like bind dn\password, server/port you can check a ldap connection and basic search for this DN. Then you can use utility ldapsearch to actually search user. If its works fine, then Kibana LDAP should also work fine.
Consult your admins for correct LDAP Directory search and param for user login (e.g. sAMAccountName).

Based on my experience, LDAP Auth works fine. Also, can you post some logs with errors and config (without passwords)?

Hi Thanks for the response. Can you please give me the example how can I check LDAP connection from command line?

I found that if set enabled: true in 1.0 it will not work at all!, In previous version I used it in my configuration, but in 1.0 I comment it, and then it start working.

      ldap:
          description: "Authenticate via LDAP or Active Directory" 
 #        enabled: true
        order: 2
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: ldap
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
            - 192.168.0.1:389
            bind_dn: cn=user,ou=country,dc=domain,dc=com
            password: pass
            userbase: 'dc=domain,dc=com'
            usersearch: '(sAMAccountName={0})'
            username_attribute: cn