This is my ldap and RBAC configuration
```yaml
auth:
  type: LDAP
spring:
  ldap:
    urls: ldap://your-domain.com
    base: "cn={0},ou=Users,dc=Ar,dc=Ey"
    admin-user: "cn=vd,ou=Users,dc=Ar,dc=Ey"
    admin-password: "p***#"
    user-filter-search-base: "dc=Ar,dc=Ey"
    user-filter-search-filter: "(&(cn={0})(objectClass=user)(|(dc=Ar,dc=Ey)))"
    group-filter-search-base: "ou=MyUsers,dc=Ar,dc=Ey"
oauth2:
  ldap:
    activeDirectory: false
    aсtiveDirectory:
      domain: Ar.Ey
rbac:
  roles:
    - clusters: kafka
      name: admin
      permissions:
        - actions: all
          resource: audit
        - actions: all
          resource: clusterconfig
        - actions: all
          resource: topic
          value: .*
        - actions: all
          resource: consumer
          value: .*
        - actions: all
          resource: schema
          value: .*
        - actions: all
          resource: connect
          value: .*
        - actions: all
          resource: ksql
      subjects:
        - provider: ldap
          type: group
          value: "admin-users"
    - clusters: kafka
      name: readonly
      permissions:
        - actions:
            - view
          resource: clusterconfig
        - actions:
            - VIEW
            - MESSAGES_READ
          resource: topic
          value: .*
        - actions:
            - view
          resource: consumer
          value: .*
        - actions:
            - view
          resource: schema
          value: .*
        - actions:
            - view
          resource: connect
          value: .*
      subjects:
        - provider: ldap
          type: group
          value: "admin-readonly"
```
It is working with admin-user and admin-password. I am able to see the cluster because the admin-user which I have given, as shown in the above config, is present in the admin-users group in the RBAC.
Now I am trying to use my user, where it is showing invalid credentials. The logs are provided below:
```
2024-04-29 12:17:31,329 DEBUG [boundedElastic-2] o.s.s.l.a.BindAuthenticator: Failed to bind with any user DNs [cn=sathishkumar.s,ou=Users,dc=Ar,dc=Ey]
2024-04-29 12:17:31,333 DEBUG [boundedElastic-2] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldap://ldap.your-domain.com'
2024-04-29 12:17:31,334 DEBUG [boundedElastic-2] o.s.s.w.s.a.AuthenticationWebFilter: Authentication failed: Bad credentials
```
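Added example, not part of the original post and not the project's own code: a Python sketch that expands the `base` pattern and the `user-filter-search-filter` from the configuration above for one login name, with RFC 4514/4515 escaping, and lists the assertions the filter contains. It assumes `{0}` is replaced with the login name, as the bind DN in the log suggests; all function names are hypothetical, and the parser splits only `=` filter items.

```python
import re
# Templates copied from the configuration in the post. Replacing {0} with the
# login name is an assumption, suggested by the bind DN in the DEBUG log.
DN_PATTERN = "cn={0},ou=Users,dc=Ar,dc=Ey"
SEARCH_FILTER = "(&(cn={0})(objectClass=user)(|(dc=Ar,dc=Ey)))"

def escape_dn_value(value):
    """Escape a string for use as an RDN value (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;=])', r"\\\1", value).replace("\0", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def escape_filter_value(value):
    """Escape a string for use as a filter assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse_filter(text, pos=0):
    """Parse one filter starting at pos; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, pos, children = text[pos], pos + 1, []
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        node = (op, children)
    else:
        end = text.index(")", pos)  # an escaped value never holds a raw ')'
        attr, _, value = text[pos:end].partition("=")
        node, pos = (attr, value), end
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return node, pos + 1

def leaves(node):
    """Flatten a parsed filter into its (attribute, value) assertions."""
    if isinstance(node[1], list):
        return [leaf for child in node[1] for leaf in leaves(child)]
    return [node]

def render(username):
    """Return (bind DN, search filter, assertions) for one login name."""
    dn = DN_PATTERN.replace("{0}", escape_dn_value(username))
    flt = SEARCH_FILTER.replace("{0}", escape_filter_value(username))
    return dn, flt, leaves(parse_filter(flt)[0])
```

Calling `render("sathishkumar.s")` returns the same DN that appears in the `BindAuthenticator` log line, and the last assertion of the filter comes out as attribute `dc` with the value `Ar,dc=Ey`.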