Phani,

We just released Shield 1.1 and 1.2 (https://www.elastic.co/blog/shield-1-1-and-1-2-released). LDAP user search is included and may be worth trying out. If you were to use it, I think your configuration would look something like:

    shield:
      authc:
        realms:
          ldap1:
            type: ldap
            order: 0
            url: "ldap://ldapserver:389"
            bind_dn: "cn=Manager,dc=test,dc=org"
            bind_password: changeme
            user_search:
              base_dn: "ou=People,dc=test,dc=org"
            group_search:
              base_dn: "dc=test,dc=org"

This assumes the "cn=Manager,dc=test,dc=org" is a user with search credentials on the LDAP. The earlier questions I had about groups would still apply.

On Monday, March 23, 2015 at 6:08:48 PM UTC-4, Jay Modi wrote:
>
> Since you are using uid, your setup would look something like this
>
>     shield:
>       authc:
>         realms:
>           ldap1:
>             type: ldap
>             order: 0
>             url: "ldap://ldapserver:389"
>             user_dn_templates:
>               - "uid={0}, ou=People,dc=test,dc=org"
>
> This assumes all users are directly in the People OU. If that is not the
> case, you'll have to update the template or add additional templates. Can
> you tell me a little more about how the groups are set up in your LDAP? What
> is their objectClass and do they have the member, uniqueMember, or
> memberUid attribute? You will probably need to configure the group search
> and that additional information will be necessary to ensure it works.
>
> Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
> the logging.yml file
>
> On Monday, March 23, 2015 at 2:43:29 AM UTC-4, phani.n...@goktree.com wrote:
>>
>> Hi Jay,
>>
>> Sorry for the late reply. I am using an OpenLDAP server. I followed the
>> configurations given by the ES people and did as in the example, but I am
>> not able to log in with LDAP credentials. Is LDAP in Elasticsearch a
>> mounted LDAP, or will it import users into the file?
>> I have tried the following link:
>>
>> http://www.elastic.co/guide/en/shield/current/ldap.html
>>
>> but I didn't get a proper result. I have the following configuration for
>> my LDAP server. Please find the following.
>>
>> Principal : cn=Manager,dc=test,dc=org
>> Base DN : ou=People,dc=test,dc=org
>>
>> filter : uid=%s
>>
>> The above are my LDAP configuration details. Please suggest how we can
>> achieve this with the above credentials by using the above link
>> (http://www.elastic.co/guide/en/shield/current/ldap.html).
>>
>> Thanks,
>> phani
>>
>> On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:
>>>
>>> What type of LDAP server are you integrating with? We have some
>>> documentation for LDAP setup,
>>> http://www.elastic.co/guide/en/shield/current/ldap.html.
>>>
>>> If you are using Active Directory, there is a specific realm for it that
>>> abstracts some of the LDAP setup to make it simpler:
>>> http://www.elastic.co/guide/en/shield/current/active_directory.html
>>>
>>> On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com wrote:
>>>>
>>>> Thank you Jay for the quick reply. Yes, it worked; I changed the path to
>>>> the es_home config. Now authentication is performing fine. Next I am
>>>> looking into LDAP integration with Elasticsearch. Can you suggest steps
>>>> for how we can integrate LDAP with Elasticsearch?
>>>>
>>>> Thanks
>>>> phani.
>>>>
>>>> On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:
>>>>>
>>>>> Hi Phani,
>>>>>
>>>>> I think the correct thing to do is:
>>>>>
>>>>>     export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
>>>>>     bin/shield/esusers useradd es_admin -r admin
>>>>>
>>>>> Verify that /etc/elasticsearch/shield/users exists and contains an
>>>>> entry for the admin user. Once you have confirmed that, then try to
>>>>> authenticate.
>>>>>
>>>>> The issue with the steps you have taken is that your elasticsearch
>>>>> instance is looking for configuration in /etc/elasticsearch and the
>>>>> configuration for Shield is in ES_HOME by default. The packaged versions
>>>>> of elasticsearch expect all configuration (including that for plugins)
>>>>> to be in /etc/elasticsearch.
>>>>> We're looking at how we can make this easier.
>>>>>
>>>>> On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4, phani.n...@goktree.com wrote:
>>>>>>
>>>>>> Hi Jay,
>>>>>>
>>>>>> Thank you for the reply. I tried the following steps.
>>>>>>
>>>>>> I did an .rpm installation on Linux servers. My configuration file is
>>>>>> located at /etc/elasticsearch (main ES configuration file).
>>>>>>
>>>>>> But when I install Shield I see there is a configuration directory
>>>>>> created inside ES_HOME (/usr/share/elasticsearch/config).
>>>>>>
>>>>>> I issued the following command to add the path:
>>>>>>
>>>>>>     export ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"
>>>>>>
>>>>>> I am able to create a user, but when I try to authenticate it is not
>>>>>> validating even though we added the path. Please suggest if I am doing
>>>>>> something wrong here.
>>>>>>
>>>>>> On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:
>>>>>>>
>>>>>>> Hi Phani,
>>>>>>>
>>>>>>> How did you install elasticsearch and where is your elasticsearch
>>>>>>> configuration located? If you have used a RPM or DEB package, you will
>>>>>>> need to add an environment variable before running the esusers
>>>>>>> command, please see
>>>>>>> http://www.elastic.co/guide/en/shield/current/getting-started.html
>>>>>>>
>>>>>>> On Monday, March 16, 2015 at 7:57:48 AM UTC-7, phani.n...@goktree.com wrote:
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I am using Elasticsearch version 1.4.2 in development. I installed
>>>>>>>> Elasticsearch Shield on each node of my cluster. I have 3 nodes in my
>>>>>>>> cluster.
>>>>>>>>
>>>>>>>> I followed the below procedure to install Shield.
>>>>>>>>
>>>>>>>> *Step 1: Install*
>>>>>>>>     bin/plugin -i elasticsearch/license/latest
>>>>>>>>     bin/plugin -i elasticsearch/shield/latest
>>>>>>>> *Step 2: Start Elasticsearch*
>>>>>>>>     bin/elasticsearch
>>>>>>>> *Step 3: Add an admin user*
>>>>>>>>     bin/shield/esusers useradd es_admin -r admin
>>>>>>>> *Step 4: Try it out - secured*
>>>>>>>>     curl -XGET 'http://localhost:9200/'
>>>>>>>> *Step 5: And with a user*
>>>>>>>>     curl -u es_admin -XGET 'http://localhost:9200'
>>>>>>>>
>>>>>>>> I added the admin user by using the above command, but when I tried
>>>>>>>> to get the cluster health status from the Sense console it asks for a
>>>>>>>> password. When I enter my admin password it shows an authentication
>>>>>>>> failed exception from the console. Please suggest what the issue
>>>>>>>> could be. Am I doing something wrong anywhere?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> phani
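
The check described in the quoted 18 March reply (confirm that the users file under the config directory the node reads contains the user), as an added shell example that is not part of the thread or of Shield. It assumes `shield/users` holds `username:hash` lines and `shield/users_roles` holds `role:user1,user2` lines; the function names and the sample hash are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find out which config directory
# actually holds an esusers entry. Assumed file formats:
#   <conf>/shield/users        username:password_hash
#   <conf>/shield/users_roles  role:user1,user2

# has_user CONF USER: succeeds if USER has an entry in CONF/shield/users
has_user() {
    [ -f "$1/shield/users" ] || return 1
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1/shield/users"
}

# roles_of CONF USER: prints the comma-separated roles that list USER
roles_of() {
    [ -f "$1/shield/users_roles" ] || return 0
    awk -F: -v u="$2" '{
        n = split($2, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) r = r (r ? "," : "") $1
    } END { print r }' "$1/shield/users_roles"
}

# check_user NODE_CONF OTHER_CONF USER: prints
#   ok         entry is in the directory the node reads
#   misplaced  entry exists only in OTHER_CONF (the case in this thread)
#   missing    entry is in neither directory
check_user() {
    if has_user "$1" "$3"; then echo ok
    elif has_user "$2" "$3"; then echo misplaced
    else echo missing
    fi
}

# Constructed sample: esusers wrote to ES_HOME/config, the node reads /etc.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/elasticsearch" "$d/usr/share/elasticsearch/config/shield"
    printf 'es_admin:%s\n' '$2a$10$constructedPlaceholderHash' \
        > "$d/usr/share/elasticsearch/config/shield/users"
    printf 'admin:es_admin\n' > "$d/usr/share/elasticsearch/config/shield/users_roles"
    echo "$d"
}

root=$(make_sample)
check_user "$root/etc/elasticsearch" "$root/usr/share/elasticsearch/config" es_admin
rm -rf "$root"
```

On a real node, pass the directory named by `es.path.conf` as the first argument and the ES_HOME config directory as the second.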