Since you are using uid, your setup would look something like this
shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389";
user_dn_templates:
- "uid={0}, ou=People,dc=test,dc=org"
This assumes all users are directly in the People OU. If that is not the
case, you'll have to update the template or add additional templates. Can
you tell me a little more about how the groups are setup in your ldap? What
is their objectClass and do they have the member, unqiueMember, or
memberUid attribute? You will probably need to configure the group search
and that additional information will be necessary to ensure it works.
Also to help with debugging, it is helpful to set "shield.authc: DEBUG" in
the logging.yml file
On Monday, March 23, 2015 at 2:43:29 AM UTC-4, [email protected] wrote:
>
> Hi Jay,
>
> sorry for late reply . I am using openldap server .i followed the
> configurations given by es people i did like in example but i am not able
> to login with ldap credentials.is ldap in elastic search is mount ldap or
> it will import users in to the file?
> i have tried following link
>
> http://www.elastic.co/guide/en/shield/current/ldap.html . but i
> didn't get proper result i have the following configurations to my LDAP
> server.please find the following.
>
> Principal : cn=Manager,dc=test,dc=org
> Base DN : ou=People,dc=test,dc=org
>
> filter : uid=%s
>
> the above are my ldap configuration details please suggest me
> how can we achieve with above credentials my using above link (
> http://www.elastic.co/guide/en/shield/current/ldap.html )
>
> Thanks,
> phani
>
>
> On Wednesday, March 18, 2015 at 8:05:37 PM UTC+5:30, Jay Modi wrote:
>>
>> What type of LDAP server are you integrating with? We have some
>> documentation for LDAP setup,
>> http://www.elastic.co/guide/en/shield/current/ldap.html.
>>
>> If you are using Active Directory, there is a specific realm for it that
>> abstracts some of the LDAP setup to make it simpler:
>> http://www.elastic.co/guide/en/shield/current/active_directory.html
>>
>> On Wednesday, March 18, 2015 at 9:12:27 AM UTC-4, [email protected]
>> wrote:
>>>
>>> Thank you Jay for quick reply yes it got worked I changed the path to
>>> es_home config.now authentication is performing fine next I am looking in
>>> to LDAP integration with elastic search can you suggest me steps how can we
>>> integrate ldap to elasticsearch.
>>>
>>>
>>> Thanks
>>> phani.
>>>
>>> On Wednesday, March 18, 2015 at 6:20:29 PM UTC+5:30, Jay Modi wrote:
>>>>
>>>> Hi Phani,
>>>>
>>>> I think the correct thing to do is:
>>>>
>>>> export ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
>>>> bin/shield/esusers useradd es_admin -r admin
>>>>
>>>> Verify that /etc/elasticsearch/shield/users exists and contains an
>>>> entry for the admin user. Once you have confirmed that, then try to
>>>> authenticate.
>>>>
>>>> The issue with steps you have taken is that your elasticsearch instance
>>>> is looking for configuration in /etc/elasticsearch and the configuration
>>>> for Shield is in ES_HOME by default. The packaged versions of
>>>> elasticsearch
>>>> expect all configuration (including that for plugins) to be in
>>>> /etc/elasticsearch. We're looking at how we can make this easier.
>>>>
>>>> On Wednesday, March 18, 2015 at 5:33:36 AM UTC-4,
>>>> [email protected] wrote:
>>>>>
>>>>> HI Jay,
>>>>>
>>>>> Thank you for the reply i tried the following steps.
>>>>>
>>>>> i did .rpm installation in linux servers my configuration file
>>>>> located at /etc/elasticsearch (main es coniguration file)
>>>>>
>>>>> But when i install shied i see there is a configurations directory
>>>>> created inside ES_HOME(/usr/share/elasticsearch/config)
>>>>>
>>>>> I issued following command to add path :export
>>>>> ES_JAVA_OPTS="-Des.path.conf=/usr/share/elasticsearch/config"
>>>>>
>>>>> i am able to create user but when i try to authenticate it is
>>>>> not validating even though we added the path. please suggest me if i am
>>>>> doing wrong here?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Monday, March 16, 2015 at 10:12:00 PM UTC+5:30, Jay Modi wrote:
>>>>>>
>>>>>> Hi Phani,
>>>>>>
>>>>>> How did you install elasticsearch and where is your elasticsearch
>>>>>> configuration located? If you have used a RPM or DEB package, you will
>>>>>> need
>>>>>> to add an environment variable before running the esusers command,
>>>>>> please
>>>>>> see
>>>>>> http://www.elastic.co/guide/en/shield/current/getting-started.html
>>>>>>
>>>>>> On Monday, March 16, 2015 at 7:57:48 AM UTC-7, [email protected]
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I am using elastic version 1.4.2 in development i installed
>>>>>>> elasticsearch shield on each node of my cluster i have 3 nodes in my
>>>>>>> cluster.
>>>>>>>
>>>>>>> i followed the below procedure to install shield.
>>>>>>>
>>>>>>> *Step 1: Install* bin/plugin -i
>>>>>>> elasticsearch/license/latestbin/plugin
>>>>>>> -i elasticsearch/shield/latest *Step 2: Start Elasticsearch*
>>>>>>> bin/elasticsearch *Step 3: Add an admin user* bin/shield/esusers
>>>>>>> useradd es_admin -r admin *Step 4: Try it out - secured* curl
>>>>>>> -XGET 'http://localhost:9200/' *Step 5: And with a user* curl -u
>>>>>>> es_admin -XGET 'http://localhost:9200
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> i added admin user by using above command but when i tried to get
>>>>>>> cluster health status form sense console it is asking password
>>>>>>> when i enter my admin password it is showing authentication failed
>>>>>>> exception from console. please suggest me what could be the issues am i
>>>>>>> doing wrong any where?
>>>>>>>
>>>>>>> Thanks
>>>>>>> phani
>>>>>>>
>>>>>>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/a890672c-0cfb-4394-b996-4841a566ff71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
