Integrating Elasticsearch with LDAP
Notes:
- Elasticsearch version: 7.6.1
Edit elasticsearch.yml, add the following content, and adjust it to match your own environment.
# Using ldap
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldap://192.168.0.100:389"
            user_dn_templates:
              - "uid={0},ou=People,dc=Chk,dc=com"
            group_search:
              base_dn: "dc=Chk,dc=com"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false
# Using ldaps
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://192.168.0.100:636"
            ssl:
              verification_mode: none
            user_dn_templates:
              - "uid={0},ou=People,dc=Chk,dc=com"
            group_search:
              base_dn: "dc=Chk,dc=com"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false
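Note: verification_mode: none means certificate verification is skipped, so Elasticsearch does not confirm the identity of the LDAP server it sends bind credentials to. If you have a certificate, you can change this setting to certificate and use the certificate_authorities setting to specify the certificate path. The certificate mode checks that the server certificate is signed by a trusted CA but does not verify the hostname; the full mode checks both. See the official documentation: Encrypting communications between Elasticsearch and LDAP.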
url: ldaps://ad.example.com:636
ssl:
  certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ]
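
To check an existing elasticsearch.yml for the weak transport settings discussed above, the following added example (not from the original page or from Elastic) flattens the realm settings and reports LDAP realms that use plain ldap:// or a verification_mode of none or certificate. The function names, the finding strings and the realm names ldap2 and ldap3 in the sample are assumptions made for this example; it handles only the nested-mapping and dotted-key subset of YAML used here.

```python
import re
REALM_KEY = re.compile(r"^xpack\.security\.authc\.realms\.ldap\.([^.]+)\.(.+)$")

# Constructed sample: the page's three variants in one file (ldap2/ldap3 are made-up names).
SAMPLE = """\
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            url: "ldap://192.168.0.100:389"
          ldap2:
            url: "ldaps://192.168.0.100:636"
            ssl:
              verification_mode: none
          ldap3:
            url: "ldaps://ad.example.com:636"
            ssl:
              certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ]
"""

def flatten(text):
    """Flatten nested mappings (or already-dotted keys) into dotted settings."""
    flat, stack = {}, []  # stack holds (indent, key) of the enclosing mappings
    for line in text.splitlines():
        body = line.strip()
        if not body or body[0] in "#-":  # skip blanks, comments, list items
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = body.partition(":")  # split at the first colon only
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        stack.append((indent, key.strip()))
        if value.strip():
            flat[".".join(k for _, k in stack)] = value.strip().strip("\"'")
    return flat

def audit_ldap_realms(text):
    """Return {realm: finding} for LDAP realms with weak transport settings."""
    findings = {}
    for key, value in flatten(text).items():
        if not (m := REALM_KEY.match(key)):
            continue
        realm, setting = m.groups()
        if setting == "url" and value.startswith("ldap://"):
            findings[realm] = "plaintext ldap://"  # credentials sent unencrypted
        elif setting == "ssl.verification_mode" and value in ("none", "certificate"):
            findings.setdefault(realm, "verification_mode: " + value)
    return findings
```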