Phani,
We just released Shield 1.1 and 1.2
(https://www.elastic.co/blog/shield-1-1-and-1-2-released). LDAP user search
is included and may be worth trying out. If you were to use it, I think
your configuration would look something like:
shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389";
bind_dn: "cn=Manager,dc=test,dc=org"
bind_password: changeme
user_search:
base_dn: "ou=People,dc=test,dc=org"
group_search:
base_dn: "dc=test,dc=org"
This assumes the "cn=Manager,dc=test,dc=org" is a user with search
credentials on the ldap. The earlier questions I had about groups would
still apply
On Monday, March 23, 2015 at 6:08:48 PM UTC-4, Jay Modi wrote:
>
> Since you are using uid, your setup would look something like this
>
> shield:
> authc:
> realms:
> ldap1:
> type: ldap
> order: 0
> url: "ldap://ldapserver:389";
> user_dn_templates:
> - "uid={0}, ou=People,dc=test,dc=org"
>
> This assumes all users are directly in the People OU. If that is not the
> case, you'll have to update the template or add additional templates. Can
> you tell me a little more about how the groups are setup in your ldap? What
> is their objectClass and do they have the member, unqiueMember, or
> memberUid attribute? You will probably need to configure the group search
> and that additional information will be necessary to ensure it works.
>
> Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
> the logging.yml file
>
> On Monday, March 23, 2015 at 2:43:29 AM UTC-4, phani.n...@goktree.com
> wrote:
>>
>> Hi Jay,
>>
>> sorry for late reply . I am using openldap server .i followed the
>> configurations given by es people i did like in example but i am not able
>> to login with ldap credentials.is ldap in elastic search is mount ldap
>> or it will import users in to the file?
>> i have tried following link
>>
>> http://www.elastic.co/guide/en/shield/current/ldap.html . but i
>> didn't get proper result i have the following configurations to my LDAP
>> server.please find the following.
>>
>> Principal : cn=Manager,dc=test,dc=org
>> Base DN : ou=People,dc=test,dc=org
>>
>> filter : uid=%s
>>
>> the above are my ldap configuration details please suggest me
>> how can we achieve with above credentials my using above link (
>> http://www.elastic.co/guide/en/shield/current/ldap.html )
>>
>> Thanks,
>> phani
>>
>>
>> On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:
>>>
>>> What type of LDAP server are you integrating with? We have some
>>> documentation for LDAP setup,
>>> http://www.elastic.co/guide/en/shield/current/ldap.html.
>>>
>>> If you are using Active Directory, there is a specific realm for it that
>>> abstracts some of the LDAP setup to make it simpler:
>>> http://www.elastic.co/guide/en/shield/current/active_directory.html
>>>
>>> On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, phani.n...@goktree.com
>>> wrote:
>>>>
>>>> Thank you Jay for quick reply yes it got worked I changed the path to
>>>> es_home config.now authentication is performing fine next I am looking in
>>>> to LDAP integration with elastic search can you suggest me steps how can
>>>> we
>>>> integrate ldap to elasticsearch.
>>>>
>>>>
>>>> Thanks
>>>> phani.
>>>>
>>>> On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:
>>>>>
>>>>> Hi Phani,
>>>>>
>>>>> I think the correct thing to do is:
>>>>>
>>>>> export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
>>>>> bin/shield/esusers useradd es_admin -r admin
>>>>>
>>>>> Verify that /etc/elasticsearch/shield/users exists and contains an
>>>>> entry for the admin user. Once you have confirmed that, then try to
>>>>> authenticate.
>>>>>
>>>>> The issue with steps you have taken is that your elasticsearch
>>>>> instance is looking for configuration in /etc/elasticsearch and the
>>>>> configuration for Shield is in ES_HOME by default. The packaged versions
>>>>> of
>>>>> elasticsearch expect all configuration (including that for plugins) to be
>>>>> in /etc/elasticsearch. We're looking at how we can make this easier.
>>>>>
>>>>> On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4,
>>>>> phani.n...@goktree.com wrote:
>>>>>>
>>>>>> HI Jay,
>>>>>>
>>>>>> Thank you for the reply i tried the following steps.
>>>>>>
>>>>>> i did .rpm installation in linux servers my configuration file
>>>>>> located at /etc/elasticsearch (main es coniguration file)
>>>>>>
>>>>>> But when i install shied i see there is a configurations directory
>>>>>> created inside ES_HOME(/usr/share/elasticsearch/config)
>>>>>>
>>>>>> I issued following command to add path :export
>>>>>> ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"
>>>>>>
>>>>>> i am able to create user but when i try to authenticate it is
>>>>>> not validating even though we added the path. please suggest me if i am
>>>>>> doing wrong here?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:
>>>>>>>
>>>>>>> Hi Phani,
>>>>>>>
>>>>>>> How did you install elasticsearch and where is your elasticsearch
>>>>>>> configuration located? If you have used a RPM or DEB package, you will
>>>>>>> need
>>>>>>> to add an environment variable before running the esusers command,
>>>>>>> please
>>>>>>> see
>>>>>>> http://www.elastic.co/guide/en/shield/current/getting-started.html
>>>>>>>
>>>>>>> On Monday, March 16, 2015 at 7:57:48 AM UTC-7,
>>>>>>> phani.n...@goktree.com wrote:
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I am using elastic version 1.4.2 in development i installed
>>>>>>>> elasticsearch shield on each node of my cluster i have 3 nodes in my
>>>>>>>> cluster.
>>>>>>>>
>>>>>>>> i followed the below procedure to install shield.
>>>>>>>>
>>>>>>>> *Step 1: Install* bin/plugin -i
>>>>>>>> elasticsearch/license/latestbin/plugin
>>>>>>>> -i elasticsearch/shield/latest *Step 2: Start Elasticsearch*
>>>>>>>> bin/elasticsearch *Step 3: Add an admin user* bin/shield/esusers
>>>>>>>> useradd es_admin -r admin *Step 4: Try it out - secured* curl
>>>>>>>> -XGET 'http://localhost:9200/' *Step 5: And with a user* curl
>>>>>>>> -u es_admin -XGET 'http://localhost:9200
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> i added admin user by using above command but when i tried to get
>>>>>>>> cluster health status form sense console it is asking password
>>>>>>>> when i enter my admin password it is showing authentication failed
>>>>>>>> exception from console. please suggest me what could be the issues am
>>>>>>>> i
>>>>>>>> doing wrong any where?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> phani
>>>>>>>>
>>>>>>>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/122b9dc4-ac0a-4a1e-9c22-d3bbfa7bafe2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
