X-Pack to AWS security conversion for LDAP

Is there any information about making the switch from X-pack to AWS security?

This is our working LDAP config. We use a cert to connect to our LDAP, and we're using realms and saving the BIND password in the keystore using this command:

```
bin/elasticsearch-keystore add xpack.security.authc.realms.ldap2.secure_bind_password
```

Then what do we set for all the Open Distro settings?

Can we use all the default AWS certs for testing LDAP for now?

```yaml
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
```

```yaml
ldap2:
  type: ldap
  order: 1
  url: "ldaps://zzzz.zzzz.com:636"
  timeout.tcp_read: 30s
  follow_referrals: false
  ssl:
    certificate_authorities: [ "/apps/elasticsearch/config/zzzz-root-ca.pem" ]
  bind_dn: "CN=_zzzz_zzzzzbind,OU=zzzzzBind,OU=Service Accounts,OU=Domain Users,DC=ad,DC=zzzzzz,DC=com"
  user_search:
    base_dn: "DC=ad,DC=zzzz,DC=com"
    attribute: cn
  group_search:
    base_dn: "DC=ad,DC=zzzz,DC=com"
  files:
    role_mapping: "/apps/elasticsearch/config/role_mapping.yml"
  unmapped_groups_as_roles: false

native1:
  type: native
  order: 0
```
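For reference, the Open Distro equivalent of the X-Pack realm above lives in the security plugin's `config.yml` (authc and authz backends), not in `elasticsearch.yml`. The block below is an added example written for this thread, not the original poster's configuration and not taken from the Open Distro project: it carries the poster's placeholder host, base DN and bind DN over into the Open Distro LDAP backend format, and the filter strings, order value and the `/apps/elasticsearch/config/zzzz-root-ca.pem` trust path are assumptions to be adjusted to the real directory.

```yaml
# Added example: Open Distro security config.yml, LDAP authc + authz backends.
# Values carried over from the X-Pack realm in this thread are placeholders;
# the search filters and order are assumptions.
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    authc:
      ldap_auth:
        description: "Authenticate via LDAPS (was X-Pack realm ldap2)"
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: ldap
          config:
            enable_ssl: true
            enable_start_tls: false
            enable_ssl_client_auth: false
            # Keep hostname verification on; the demo node certs do not
            # cover the LDAP server, so trust the LDAP server's own CA here.
            verify_hostnames: true
            pemtrustedcas_filepath: /apps/elasticsearch/config/zzzz-root-ca.pem
            hosts:
              - zzzz.zzzz.com:636
            bind_dn: "CN=_zzzz_zzzzzbind,OU=zzzzzBind,OU=Service Accounts,OU=Domain Users,DC=ad,DC=zzzzzz,DC=com"
            # There is no keystore entry for this value: it is read from this
            # file and stored in the security index, so restrict file permissions.
            password: "<bind-password-placeholder>"
            # X-Pack user_search.base_dn / attribute: cn
            userbase: "DC=ad,DC=zzzz,DC=com"
            usersearch: "(cn={0})"
            username_attribute: cn
    authz:
      ldap_roles:
        description: "Resolve AD group membership (was X-Pack group_search)"
        http_enabled: true
        transport_enabled: true
        authorization_backend:
          type: ldap
          config:
            enable_ssl: true
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            pemtrustedcas_filepath: /apps/elasticsearch/config/zzzz-root-ca.pem
            hosts:
              - zzzz.zzzz.com:636
            bind_dn: "CN=_zzzz_zzzzzbind,OU=zzzzzBind,OU=Service Accounts,OU=Domain Users,DC=ad,DC=zzzzzz,DC=com"
            password: "<bind-password-placeholder>"
            # X-Pack group_search.base_dn; AD groups list members in "member"
            rolebase: "DC=ad,DC=zzzz,DC=com"
            rolesearch: "(member={0})"
            userroleattribute: null
            userrolename: disabled
            rolename: cn
            resolve_nested_roles: true
            userbase: "DC=ad,DC=zzzz,DC=com"
            usersearch: "(cn={0})"
```

The X-Pack `role_mapping.yml` has no counterpart in this file: the group names that the authz backend returns are mapped to Open Distro roles in `roles_mapping.yml` under `backend_roles`, which is what gives the same effect as `unmapped_groups_as_roles: false`. Both files are pushed into the security index with `securityadmin.sh` using the admin certificate named in `opendistro_security.authcz.admin_dn`; when moving past the demo setup, that admin certificate, and the node certificates, are the ones to replace, and `allow_unsafe_democertificates` should then be set to `false`.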

@plarsen Did you manage to get this resolved?