Closed sevenval-admins closed 2 years ago
Is there any configurable option in opensearch similar to the elasticsearch `follow_referral`? Because the first line of the logs says `Could not follow referral to ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com`, and I think it could be a good point to start.
Here is my LDAP-Config:
```yaml
config.yml: |-
  _meta:
    type: "config"
    config_version: "2"
  config:
    dynamic:
      http:
        anonymous_auth_enabled: false
      authc:
        basic_internal_auth_domain:
          http_enabled: true
          transport_enabled: true
          order: "4"
          http_authenticator:
            type: basic
            challenge: true
          authentication_backend:
            type: intern
        ldap:
          http_enabled: true
          transport_enabled: true
          order: "1"
          http_authenticator:
            type: basic
            challenge: true
          authentication_backend:
            type: ldap
            config:
              enable_ssl: false
              enable_start_tls: false
              enable_ssl_client_auth: false
              verify_hostnames: false
              hosts: "my-ldap.example.com:389"
              bind_dn: "CN=some_cn,OU=some_ou,OU=some_ou,DC=example,DC=com"
              password: "xxxxxxx"
              userbase: "DC=example,DC=com"
              usersearch: "(sAMAccountName={0})"
              username_attribute: "uid"
      authz:
        ldap:
          http_enabled: true
          transport_enabled: true
          authorization_backend:
            type: ldap
            config:
              enable_ssl: false
              enable_start_tls: false
              enable_ssl_client_auth: false
              verify_hostnames: false
              hosts: "my-ldap.example.com:389"
              bind_dn: "CN=some_cn,OU=some_ou,OU=some_ou,DC=example,DC=com"
              password: "xxxxxxx"
              userbase: "DC=example,DC=com"
              rolebase: "DC=example,DC=com"
              rolesearch: "(member={0})"
              rolename: "cn"
              username_attribute: "uid"
              usersearch: "(sAMAccountName={0})"
              resolve_nested_roles: true
              skip_users:
                - kibanaserver
                - admin
```
I haven't seen this issue before, but I also have not tried to connect via LDAP. cc: @DandyDeveloper @TheAlgo to see if they have seen this before.
Thanks.
Same here, I have not tried connecting with LDAP either. I need to try this out in order to reproduce this issue.
I've used OIDC which isn't too different configuration wise but this isn't chart related. Definitely more an Opensearch Dashboard issue, most likely the configuration.
@sevenval-admins Can you provide the full context of the log on Dashboards when you do this?
Thanks to everybody for the answers. I have solved the problem by using the global-catalog port in the LDAP-config, namely 3269 for TLS and 3268 without.
@sevenval-admins Can you please explain in detail how you fixed this issue? I am also having the same issue.
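An added example, not part of the thread and not OpenSearch project code: a small lint over the LDAP backend settings posted above. It flags the combination behind the `Could not follow referral` log line (a base DN at the domain root queried on port 389 or 636, where Active Directory can answer with referrals to other naming contexts) and the missing transport encryption. The function names and the default-port handling are assumptions made for this sketch.

```python
import re

# Domain-controller LDAP ports mapped to their global catalog equivalents.
GC_PORT = {389: 3268, 636: 3269}

def is_domain_root(dn):
    """True when a base DN has only DC= components (the whole domain)."""
    parts = [p.strip().upper() for p in dn.split(",") if p.strip()]
    return bool(parts) and all(p.startswith("DC=") for p in parts)

def lint_ldap_backend(name, cfg):
    """Return findings for one LDAP backend `config` mapping."""
    findings = []
    hosts = cfg.get("hosts", [])
    hosts = [hosts] if isinstance(hosts, str) else list(hosts)
    bases = [cfg[k] for k in ("userbase", "rolebase") if cfg.get(k)]
    encrypted = bool(cfg.get("enable_ssl") or cfg.get("enable_start_tls"))
    for host in hosts:
        m = re.search(r":(\d+)$", host)
        port = int(m.group(1)) if m else 389  # assumption: default LDAP port
        if port in GC_PORT and any(is_domain_root(b) for b in bases):
            findings.append(
                f"{name}: {host} searches the domain root on a DC port; "
                f"AD can answer with referrals (try port {GC_PORT[port]} "
                f"or a narrower base DN)")
        if not encrypted:
            findings.append(
                f"{name}: {host} has no SSL/StartTLS; bind_dn and user "
                f"passwords cross the network in cleartext")
    return findings

# Constructed sample: the authc LDAP settings posted in the issue.
ISSUE_CFG = {
    "enable_ssl": False,
    "enable_start_tls": False,
    "hosts": "my-ldap.example.com:389",
    "userbase": "DC=example,DC=com",
    "usersearch": "(sAMAccountName={0})",
}
# Constructed sample: the same settings moved to the TLS global catalog port.
FIXED_CFG = dict(ISSUE_CFG, hosts="my-ldap.example.com:3269", enable_ssl=True)

if __name__ == "__main__":
    for label, cfg in (("issue", ISSUE_CFG), ("fixed", FIXED_CFG)):
        print(label, lint_ldap_backend("authc.ldap", cfg) or "no findings")
```

The same checks apply to the `authz` backend, which in the posted config also sets `rolebase` to the domain root.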
Describe the bug
Hello everyone, I have installed the two charts and configured opensearch in order to log in via my LDAP-Server. The problem is that the authentication fails randomly (incorrect username or password). It can happen that I can log in straight away, or that I have to try 5, 6, 10 times and refresh the page before I can. Here are the logs:
Has anyone of you already seen that? Is there any configurable option that can have an impact on the timeout?
Expected behavior
Login should always succeed.
Chart Name
opensearch/opensearch-dashboard
Additional context
In addition to what is described, sometimes this warning appears after a failed login:
After that I click on "Clear your session", then I don't experience login problems for a certain amount of time.