说明:

  • elasticsearch版本: 7.6.1

修改elasticsearch.yml,添加如下内容(下面的 ldap 与 ldaps 两段配置二选一,不要同时写入),并根据自己情况做相应修改

# Use LDAP (plain, no TLS)
# NOTE(review): with an ldap:// URL the user's bind DN and password travel
# unencrypted between Elasticsearch and the directory server. Prefer an
# ldaps:// URL with certificate verification outside an isolated test network.
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            # Position in the realm chain; realms with lower values are consulted first.
            order: 0
            url: "ldap://192.168.0.100:389"
            # {0} is replaced by the login username to build the DN used for the bind.
            user_dn_templates:
              - "uid={0},ou=People,dc=Chk,dc=com"
            # Subtree searched for the groups the authenticated user belongs to.
            group_search:
              base_dn: "dc=Chk,dc=com"
            # This file decides which LDAP DNs receive which Elasticsearch roles,
            # so it should be writable only by the Elasticsearch administrator.
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            # false: LDAP groups without an entry in the role mapping grant no role.
            unmapped_groups_as_roles: false
# Use LDAPS (LDAP over TLS)
# Alternative realm definition: keep only one `xpack:` / `ldap1` definition
# in elasticsearch.yml.
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            # Position in the realm chain; realms with lower values are consulted first.
            order: 0
            url: "ldaps://192.168.0.100:636"
            ssl:
              # NOTE(review): `none` turns off all validation of the LDAP server
              # certificate. The session is encrypted but the server is not
              # authenticated, so bind credentials can be captured by anyone able
              # to intercept the connection. Suitable for testing only; use
              # `certificate` or `full` together with certificate_authorities.
              # `full` also checks the host name, so with an IP address in `url`
              # the certificate would need a matching IP SAN.
              verification_mode: none
            # {0} is replaced by the login username to build the DN used for the bind.
            user_dn_templates:
              - "uid={0},ou=People,dc=Chk,dc=com"
            # Subtree searched for the groups the authenticated user belongs to.
            group_search:
              base_dn: "dc=Chk,dc=com"
            # This file decides which LDAP DNs receive which Elasticsearch roles,
            # so it should be writable only by the Elasticsearch administrator.
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            # false: LDAP groups without an entry in the role mapping grant no role.
            unmapped_groups_as_roles: false

说明:verification_mode: none 表示忽略证书验证(连接虽然加密,但不会确认 LDAP 服务器的身份,存在被中间人截获凭据的风险)。如果您有证书,可以将这项改为 certificate,并使用 certificate_authorities 项指定证书路径,参考官方文档:加密Elasticsearch和LDAP之间的通信

# Fragment of an LDAP realm definition: these keys sit at the same level as
# `order` inside the realm (e.g. under `ldap1`), not at the top of the file.
# No verification_mode is set here, so the default (`full`: certificate chain
# plus host name check) applies.
url : ldaps://ad.example.com:636 
ssl :
  # PEM file(s) holding the CA certificate(s) trusted to sign the LDAP server's
  # certificate. ES_PATH_CONF presumably stands for the Elasticsearch config
  # directory; replace it with the real path.
  certificate_authorities : [ "ES_PATH_CONF/cacert.pem" ]