LDAP could not login successfully.
tuohaibei opened this issue · 15 comments
I want to config kibana LDAP login,but i could not set sccessfully.Could you give me some advice?
Hello!
Thanks for submitting an issue.
Which LDAP server are you using? I'm going to use apacheDS in the documentation.
I will try and set it up and write more detailed instructions, after I'm done with the 1.2.0 release of the plug-in. Sometime next week.
From the stacktrace it looks like an error with the admin account.
Thanks.I will try it a few times myself.
LDAP is LDAP://*:389.
I would like to ask about if this plugin could control the viewing and modification permissions of dashborad?
I want to change style about login page,How can i change it?
I would like to ask about if this plugin could control the viewing and modification permissions of dashborad? not yet, it's been planned for a while but no progress has been made. It would require more knowledge about the internals of Kibana.
I want to change style about login page,How can i change it?
Inside the plugin zip there is a folder called 'public'.
Edit
- public/login.pug
- public/login.css
- public/style.css
This has to be done before the plugin is installed, otherwise it will not have any effect as kibana creates a 'bundle' when the plugin is installed or when kibana is started the first time.
Can you authenticate with any other clients? For example Apache Directory Studio?
Can you show me a tree of your AD?
I tested it with ApacheDS and Apache Directory Studio just now,
Sample configuration
"ldap": {
"url": "ldap://127.0.0.1:10389",
"admin": {
"dn": "uid=admin,ou=system",
"password": "secret"
},
"search": {
"scope": "sub",
"user-dn": "ou=users,ou=system",
"group-dn": "ou=groups,ou=system"
}
},
My tree looks like this, "tomat" is a regular user found with the "search" config.
Please verify that you are using the correct password and that the Bind DN parameters matches for your admin section
.
This can be done from Apache Directory Studio, please find examples attached.
Hi @codingchili
When I login,it has following errors,Is there a problem with my settings?
Hi @codingchili
Could you give some advice?thank you.
Hi Again,
Which kind of LDAP server are you using? it looks like the client gets a response that is an error.
Can you see if there is anything in your LDAP server logs?
Looks like an issue when searching, did you get the first error when starting kibana? Or is is just the login that fails now from the UI?
Hi @codingchili
it has no error when starting kibana,it is just the login that fails from the UI.Screenshout is from UI.When i click login from UI,It has the above error.
Hi @codingchili
Could you give me some advice?Thanks.
It looks like there's an error occuring in the LDAP client which HAPI cannot handle due to some incompatibility with Boom?
Any chance of upgrading kibana to at least 6.6? Then you could use the latest version of the plugin.
It's hard for me to investigate this as it's working fine for me, I don't really know what your LDAP setup looks like.
Hi @codingchili
I used 6.3.2.Could you leave a contact information for remote assistance and communication?
Hello,
You can email me at --- (let me know when you got it so I can edit it out.)
Also please see #44 which is also about LDAP authentication.
Can you email me a screenshot of your LDAP/AD tree? and your config.json.
I have emailed to you,please check.Thanks.
Hi @codingchili
It could work now,thanks very much(I used kibana 6.3.2,plugin use 1.1.0)just logging out the page is not very friendly,it looks like this.
I also want to one question,1.1.0 did not support linux?
There is no pre-built distribution for linux. you could checkout the source code for the 1.1.0 tag and build it yourself.
Yes, agreed it's not very user friendly. I would like to improve it :)