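Elasticsearch User Management
I originally wanted to use LDAP to manage login accounts, but the log shows that the current license (Basic license) does not support LDAP.
Version information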
```json
{
  "name" : "node1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "xxxxxxxxxxxxxxxx",
  "version" : {
    "number" : "7.10.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "xxxxxxxxxxxxxxxx",
    "build_date" : "2020-11-09T21:30:33.964949Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know,for Search"
}
```
Log
```
tail /opt/elasticsearch/logs/elasticsearch.log

[2021-06-03T09:13:12,744][WARN ][o.e.x.s.a.AuthenticationService] [node1] Authentication failed using realms [reserved/reserved,file/default_file,native/default_native]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license
```
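The warning above is the only sign that a configured realm is never consulted. As an added example (not part of the original post), this Python parser reports every realm the license caused Elasticsearch to skip; the function names and the sample lines are assumptions constructed from the log format shown above.

```python
import re

# Constructed sample: two copies of the warning format shown above plus one
# unrelated line, so the parser has something to ignore.
SAMPLE_LOG = """\
[2021-06-03T09:13:12,744][WARN ][o.e.x.s.a.AuthenticationService] [node1] Authentication failed using realms [reserved/reserved,file/default_file,native/default_native]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license
[2021-06-03T09:13:15,102][INFO ][o.e.n.Node] [node1] started
[2021-06-03T09:14:40,310][WARN ][o.e.x.s.a.AuthenticationService] [node1] Authentication failed using realms [reserved/reserved,file/default_file,native/default_native]. Realms [ldap/ldap1] were skipped because they are not permitted on the current license
"""

# Matches only AuthenticationService warnings that name license-skipped realms.
SKIPPED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[WARN\s*\]\[[^\]]*AuthenticationService\s*\]\s*"
    r"\[(?P<node>[^\]]+)\]\s+Authentication failed using realms "
    r"\[(?P<tried>[^\]]*)\]\. Realms \[(?P<skipped>[^\]]*)\] were skipped "
    r"because they are not permitted on the current license"
)


def split_realms(field):
    """Turn 'ldap/ldap1,file/default_file' into [('ldap', 'ldap1'), ...]."""
    return [tuple(r.strip().split("/", 1)) for r in field.split(",") if r.strip()]


def license_skipped_realms(log_text):
    """Map each skipped (type, name) realm to its count, first/last time, nodes."""
    report = {}
    for line in log_text.splitlines():
        m = SKIPPED_RE.match(line)
        if m is None:
            continue
        for realm in split_realms(m.group("skipped")):
            entry = report.setdefault(
                realm, {"count": 0, "first": m.group("ts"), "nodes": set()})
            entry["count"] += 1
            entry["last"] = m.group("ts")
            entry["nodes"].add(m.group("node"))
    return report


if __name__ == "__main__":
    for (rtype, name), info in license_skipped_realms(SAMPLE_LOG).items():
        print(f"realm {rtype}/{name} skipped by license {info['count']} time(s) "
              f"on {sorted(info['nodes'])}, {info['first']} .. {info['last']}")
```
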
Configuring LDAP
```bash
vim /etc/elasticsearch/elasticsearch.yml
```
```yaml
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://ldap.example.tw:636"
            bind_dn: "uid=admin,cn=users,cn=accounts,dc=example,dc=tw"
            user_search:
              base_dn: "cn=users,cn=accounts,dc=example,dc=tw"
              filter: "(memberUid={1})"
            group_search:
              base_dn: "dc=example,dc=tw"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false
```
```bash
/usr/share/elasticsearch/bin/elasticsearch-keystore add \
  xpack.security.authc.realms.ldap.ldap1.secure_bind_password
```