Unable to connect to LDAP server
hsachan22 opened this issue · comments
I am unable to connect to the LDAP server with the ReadonlyREST config below.
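# NOTE(review): the indentation of this snippet was lost when it was pasted.
# The nesting below is reconstructed from the usual ReadonlyREST layout
# (`ldaps` as a sibling of `access_control_rules`) — confirm against the
# original file. All values are kept exactly as posted.
readonlyrest:
  access_control_rules:
    - name: "::KIBANA-SRV::"
      type: allow
      # NOTE(review): plaintext credential whose password equals the user
      # name. If this is the real value rather than a redacted sample, replace
      # it with a strong secret and keep it out of the file, e.g. a hashed
      # `auth_key_sha256` rule or environment substitution as used for the
      # LDAP bind credentials below.
      auth_key: kibana:kibana

    - name: Accept requests from users
      type: allow
      # Authenticates users against the connector named "ldap1" under `ldaps`.
      ldap_authentication:
        name: "ldap1"

  ldaps:
    - name: ldap1
      host: "172.18.6.10"
      # 3268 is the Active Directory Global Catalog port without TLS;
      # 3269 is its TLS counterpart.
      port: 3268
      # NOTE(review): with TLS off, the bind DN/password and every user
      # password verified through this connector cross the network in clear
      # text. Once connectivity is sorted out, prefer the TLS port with
      # `ssl_enabled: true`.
      ssl_enabled: false
      # NOTE(review): presumably has no effect while `ssl_enabled` is false.
      # If TLS is switched on with this left at true, the server certificate
      # is not validated, so the connection is encrypted but not
      # authenticated. Set it to false and trust the directory's CA instead.
      ssl_trust_all_certs: true
      # Bind credentials and base DNs are read from the environment, which
      # keeps them out of this file.
      bind_dn: "${env:LDAP_BIND_DN}"
      bind_password: "${env:LDAP_PASSWORD}"
      search_user_base_DN: "${env:LDAP_BASE_DN}"
      user_id_attribute: "sAMAccountName"
      search_groups_base_DN: "${env:LDAP_BASE_DN}"
      # Short timeouts: a slow or filtered network path fails fast.
      connection_timeout: 1s
      request_timeout: 2s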
Here's the error I'm getting:
{
"@timestamp": "2023-07-19T09:04:49.514Z",
"log.level": "ERROR",
"message": "LDAP binding exception",
"ecs.version": "1.2.0",
"service.name": "ES_ECS",
"event.dataset": "elasticsearch.server",
"process.thread.name": "scala-execution-context-global-53",
"log.logger": "tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$",
"elasticsearch.cluster.uuid": "HkI1Fb8fQyGS8pE8U-5QVg",
"elasticsearch.node.id": "fQtSene3QBmDesc5uG-UVg",
"elasticsearch.node.name": "ror-es01",
"elasticsearch.cluster.name": "ror-cluster",
"error.type": "com.unboundid.ldap.sdk.LDAPException",
"error.message": "An error occurred while attempting to connect to server 172.18.6.10:3268: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268: SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c'))",
"error.stack_trace": "LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server 172.18.6.10:3268: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268: SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c'))')\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:943)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:829)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:767)\n\tat com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:587)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:329)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:315)\n\tat tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$.$anonfun$testBindingForAllHosts$1(UnboundidLdapConnectionPoolProvider.scala:162)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ 
tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\nCaused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268: SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c')\n\tat com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:204)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:932)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:829)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:767)\n\tat com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:587)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:329)\n\tat 
com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:315)\n\tat tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$.$anonfun$testBindingForAllHosts$1(UnboundidLdapConnectionPoolProvider.scala:162)\n\tat monix.eval.internal.TaskRunLoop$.startFull(TaskRunLoop.scala:88)\n\tat monix.eval.Task$.unsafeStartNow(Task.scala:4798)\n\tat monix.eval.internal.TaskBracket$BaseStart.apply(TaskBracket.scala:181)\n\tat monix.eval.internal.TaskBracket$BaseStart.apply(TaskBracket.scala:168)\n\tat monix.eval.internal.TaskRestartCallback.run(TaskRestartCallback.scala:65)\n\tat monix.execution.internal.Trampoline.monix$execution$internal$Trampoline$$immediateLoop(Trampoline.scala:66)\n\tat monix.execution.internal.Trampoline.startLoop(Trampoline.scala:32)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.super$startLoop(TrampolineExecutionContext.scala:142)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.$anonfun$startLoop$1(TrampolineExecutionContext.scala:142)\n\tat scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.scala:18)\n\tat scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:94)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.startLoop(TrampolineExecutionContext.scala:142)\n\tat monix.execution.internal.Trampoline.execute(Trampoline.scala:40)\n\tat monix.execution.schedulers.TrampolineExecutionContext.execute(TrampolineExecutionContext.scala:57)\n\tat monix.execution.schedulers.BatchingScheduler.execute(BatchingScheduler.scala:50)\n\tat monix.execution.schedulers.BatchingScheduler.execute$(BatchingScheduler.scala:47)\n\tat monix.execution.schedulers.ExecutorScheduler.execute(ExecutorScheduler.scala:35)\n\tat monix.eval.internal.TaskRestartCallback.start(TaskRestartCallback.scala:56)\n\tat monix.eval.internal.TaskRunLoop$.executeAsyncTask(TaskRunLoop.scala:703)\n\tat 
monix.eval.internal.TaskRunLoop$.startFull(TaskRunLoop.scala:135)\n\tat monix.eval.internal.TaskRestartCallback.syncOnSuccess(TaskRestartCallback.scala:101)\n\tat monix.eval.internal.TaskRestartCallback.onSuccess(TaskRestartCallback.scala:74)\n\tat monix.eval.internal.TaskSleep$SleepRunnable.run(TaskSleep.scala:71)\n\tat monix.execution.internal.InterceptRunnable.run(InterceptRunnable.scala:27)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\n\tat java.base/java.lang.Thread.run(Thread.java:1589)\nCaused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268: SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c')\n\tat com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:287)\n\tat com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:185)\n\t... 34 more\nCaused by: java.net.SocketTimeoutException: Connect timed out\n\tat java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:539)\n\tat java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:585)\n\tat java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)\n\tat java.base/java.net.Socket.connect(Socket.java:666)\n\tat com.unboundid.ldap.sdk.ConnectThread.run(ConnectThread.java:165)\n"
}
Can anyone help me resolve this issue?
This is a very basic networking issue: ROR cannot reach the host 172.18.6.10 on port 3268 TCP. Please verify the LDAP server IP and port are correct, and the address is reachable from where Elasticsearch is running. Maybe you have a firewall?
I see "Connect timed out" in the log. Try increasing connection_timeout in the LDAP connector configuration.