
Configure Open Distro for LDAP authentication

Open elasticsearch/plugins/opendistro_security/securityconfig/config.yml and add an LDAP authentication domain such as the following:

# Example authentication setup for the Open Distro security plugin: an LDAP
# domain (order 1) followed by the internal user database (order 2).
# Host, DNs and password below are sample values to replace.
opendistro_security:
  dynamic:
    http:
      # Anonymous (credential-less) access is disabled.
      anonymous_auth_enabled: false
    authc:
      # LDAP domain; order 1 places it ahead of the internal domain below.
      ldap:
        enabled: true
        order: 1
        http_authenticator:
          # HTTP Basic sends the password base64-encoded, not encrypted, on
          # every request, so the REST layer should be served over TLS.
          type: basic
          challenge: true 
        authentication_backend:
          type: ldap
          config:
            # NOTE(review): with both TLS options off, the bind password and
            # each user's password reach the directory in cleartext. Enable
            # enable_ssl (LDAPS) or enable_start_tls outside a lab network.
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            # NOTE(review): set to true once TLS is enabled, so the directory
            # server's certificate is checked against its hostname.
            verify_hostnames: false
            hosts:
              # Placeholder: replace with the directory server's host and port.
              - hostname:portnumber
            # Account the plugin binds with to search for users; a dedicated
            # read-only service account limits what a leaked password exposes.
            bind_dn: "uid=test,ou=users,dc=wimpi,dc=net"
            # Stored in cleartext in this file: restrict read access to
            # config.yml and keep real values out of version control.
            password: "secret"
            # Subtree searched for user entries.
            userbase: "ou=users,dc=wimpi,dc=net"
            # {0} is replaced with the user name supplied by the client.
            usersearch: "(uid={0})"
            username_attribute: uid
      # Internal user database; order 2, so it is consulted after ldap.
      basic:
        enabled: true
        order: 2
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: internal

Finally, change to elasticsearch/plugins/opendistro_security/tools and apply the changes with securityadmin:

# Make the admin tool executable (only needed once).
chmod +x securityadmin.sh
# Upload the security configuration to the cluster, authenticating with the
# admin client certificate.
#   -cd    directory with the security config files; every file in it is
#          uploaded, so retrieve or back up the live configuration first
#   -icl   ignore the cluster name
#   -nhnv  skip hostname verification of the node certificate; drop this flag
#          when the certificate matches <server_host>, since without the
#          check the admin connection can be answered by an impersonating host
#   -h     node to connect to
# admin-key-pkcs8.pem grants full control of the security configuration; keep
# it readable only by the administering account.
./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -h <server_host> \
    -cacert ../../../config/rootca-cert.pem \
    -cert ../../../config/admin-cert.pem \
    -key ../../../config/admin-key-pkcs8.pem