sscarduzio / elasticsearch-readonlyrest-plugin

Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing

Home Page: https://readonlyrest.com

Unable to connect to LDAP server

hsachan22 opened this issue

I am unable to connect to the LDAP server with the readonlyrest config below.

readonlyrest:
  access_control_rules:
    - name: "::KIBANA-SRV::"
      type: allow
      auth_key: kibana:kibana

    - name: Accept requests from users
      type: allow
      ldap_authentication:
        name: "ldap1"

  ldaps:
    - name: ldap1
      host: "172.18.6.10"
      port: 3268
      ssl_enabled: false
      ssl_trust_all_certs: true
      bind_dn: "${env:LDAP_BIND_DN}"
      bind_password: "${env:LDAP_PASSWORD}"
      search_user_base_DN: "${env:LDAP_BASE_DN}"
      user_id_attribute: "sAMAccountName"
      search_groups_base_DN: "${env:LDAP_BASE_DN}"
      connection_timeout: 1s
      request_timeout: 2s

Here's the error I'm getting:

{
  "@timestamp": "2023-07-19T09:04:49.514Z",
  "log.level": "ERROR",
  "message": "LDAP binding exception",
  "ecs.version": "1.2.0",
  "service.name": "ES_ECS",
  "event.dataset": "elasticsearch.server",
  "process.thread.name": "scala-execution-context-global-53",
  "log.logger": "tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$",
  "elasticsearch.cluster.uuid": "HkI1Fb8fQyGS8pE8U-5QVg",
  "elasticsearch.node.id": "fQtSene3QBmDesc5uG-UVg",
  "elasticsearch.node.name": "ror-es01",
  "elasticsearch.cluster.name": "ror-cluster",
  "error.type": "com.unboundid.ldap.sdk.LDAPException",
  "error.message": "An error occurred while attempting to connect to server 172.18.6.10:3268:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268:  SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c'))",
  "error.stack_trace": "LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server 172.18.6.10:3268:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268:  SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c'))')\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:943)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:829)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:767)\n\tat com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:587)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:329)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:315)\n\tat tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$.$anonfun$testBindingForAllHosts$1(UnboundidLdapConnectionPoolProvider.scala:162)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ 
tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat fromAutoCloseable @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:53)\n\tat use @ tech.beshu.ror.buildinfo.BuildInfoReader$.tryWithResources(BuildInfoReader.scala:54)\n\tat delayExecution @ tech.beshu.ror.configuration.loader.ConfigLoadingInterpreter$.tech$beshu$ror$configuration$loader$ConfigLoadingInterpreter$$loadFromIndex(ConfigLoadingInterpreter.scala:100)\nCaused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268:  SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c')\n\tat com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:204)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:932)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:829)\n\tat com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:767)\n\tat com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:587)\n\tat com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:329)\n\tat 
com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:315)\n\tat tech.beshu.ror.accesscontrol.blocks.definitions.ldap.implementations.UnboundidLdapConnectionPoolProvider$.$anonfun$testBindingForAllHosts$1(UnboundidLdapConnectionPoolProvider.scala:162)\n\tat monix.eval.internal.TaskRunLoop$.startFull(TaskRunLoop.scala:88)\n\tat monix.eval.Task$.unsafeStartNow(Task.scala:4798)\n\tat monix.eval.internal.TaskBracket$BaseStart.apply(TaskBracket.scala:181)\n\tat monix.eval.internal.TaskBracket$BaseStart.apply(TaskBracket.scala:168)\n\tat monix.eval.internal.TaskRestartCallback.run(TaskRestartCallback.scala:65)\n\tat monix.execution.internal.Trampoline.monix$execution$internal$Trampoline$$immediateLoop(Trampoline.scala:66)\n\tat monix.execution.internal.Trampoline.startLoop(Trampoline.scala:32)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.super$startLoop(TrampolineExecutionContext.scala:142)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.$anonfun$startLoop$1(TrampolineExecutionContext.scala:142)\n\tat scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.scala:18)\n\tat scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:94)\n\tat monix.execution.schedulers.TrampolineExecutionContext$JVMNormalTrampoline.startLoop(TrampolineExecutionContext.scala:142)\n\tat monix.execution.internal.Trampoline.execute(Trampoline.scala:40)\n\tat monix.execution.schedulers.TrampolineExecutionContext.execute(TrampolineExecutionContext.scala:57)\n\tat monix.execution.schedulers.BatchingScheduler.execute(BatchingScheduler.scala:50)\n\tat monix.execution.schedulers.BatchingScheduler.execute$(BatchingScheduler.scala:47)\n\tat monix.execution.schedulers.ExecutorScheduler.execute(ExecutorScheduler.scala:35)\n\tat monix.eval.internal.TaskRestartCallback.start(TaskRestartCallback.scala:56)\n\tat monix.eval.internal.TaskRunLoop$.executeAsyncTask(TaskRunLoop.scala:703)\n\tat 
monix.eval.internal.TaskRunLoop$.startFull(TaskRunLoop.scala:135)\n\tat monix.eval.internal.TaskRestartCallback.syncOnSuccess(TaskRestartCallback.scala:101)\n\tat monix.eval.internal.TaskRestartCallback.onSuccess(TaskRestartCallback.scala:74)\n\tat monix.eval.internal.TaskSleep$SleepRunnable.run(TaskSleep.scala:71)\n\tat monix.execution.internal.InterceptRunnable.run(InterceptRunnable.scala:27)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\n\tat java.base/java.lang.Thread.run(Thread.java:1589)\nCaused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server /172.18.6.10:3268:  SocketTimeoutException(Connect timed out), ldapSDKVersion=6.0.6, revision=b8c6c463def55758ed8ec0d914c84268c944251c')\n\tat com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:287)\n\tat com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:185)\n\t... 34 more\nCaused by: java.net.SocketTimeoutException: Connect timed out\n\tat java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:539)\n\tat java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:585)\n\tat java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)\n\tat java.base/java.net.Socket.connect(Socket.java:666)\n\tat com.unboundid.ldap.sdk.ConnectThread.run(ConnectThread.java:165)\n"
}

Can anyone help me resolve this issue?

This is a very basic networking issue: ROR cannot reach the host 172.18.6.10 on port 3268 TCP. Please verify the LDAP server IP and port are correct, and the address is reachable from where Elasticsearch is running. Maybe you have a firewall?

I see "Connect timed out" in the log. Try to increase connection_timeout in the LDAP connector configuration.
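
Added example (not part of the original thread, and not ReadonlyREST code): a small TCP probe that separates the causes the two replies point at, namely a filtered or wrong address versus a handshake that is merely slower than `connection_timeout`. The function name `probe_ldap` and the 10-second `ceiling` are assumptions made for this illustration; the default host, port and 1-second timeout are taken from the config in the issue.

```python
import socket
import sys
import time


def probe_ldap(host, port, connection_timeout=1.0, ceiling=10.0):
    """Classify TCP reachability of host:port as seen from this machine.

    connection_timeout mirrors the connector's `connection_timeout: 1s`.
    ceiling is a deliberately generous limit (assumed value) used to tell a
    slow handshake apart from packets that are silently dropped.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=ceiling):
            elapsed = time.monotonic() - start
    except socket.timeout:
        # No SYN-ACK and no RST within the ceiling: same symptom as the log.
        return {"status": "filtered", "elapsed": None,
                "hint": "no reply at all: firewall drop, routing, or wrong IP"}
    except ConnectionRefusedError:
        return {"status": "refused", "elapsed": None,
                "hint": "host is up but nothing listens on this port"}
    except OSError as exc:
        # e.g. "Network is unreachable" or a name resolution failure.
        return {"status": "unreachable", "elapsed": None, "hint": str(exc)}
    if elapsed > connection_timeout:
        return {"status": "slow", "elapsed": elapsed,
                "hint": "reachable, but slower than connection_timeout: raise it"}
    return {"status": "open", "elapsed": elapsed,
            "hint": "TCP is fine: check bind DN, password or TLS settings next"}


if __name__ == "__main__":
    # Defaults are the host and port from the issue; override on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "172.18.6.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3268
    result = probe_ldap(host, port)
    print(f"{host}:{port} -> {result['status']} ({result['hint']})")
```

Run it on the Elasticsearch node itself (inside the container, if Elasticsearch runs in one), since that is the network path the plugin uses. Once the port is reachable, keep in mind that with `ssl_enabled: false` the bind DN and password travel to the LDAP server unencrypted.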