Would you like to learn how to configure ElasticSearch LDAP authentication against Active Directory? In this tutorial, we are going to show you how to authenticate ElasticSearch users against Active Directory on Microsoft Windows using the LDAP protocol.
• Ubuntu 18
• Ubuntu 19
• ElasticSearch 7.6.2
• Windows 2012 R2
In our example, the ElasticSearch server IP address is 192.168.100.7.
In our example, the domain controller IP address is 192.168.100.10.
Tutorial Windows – Domain Controller Firewall
• IP – 192.168.100.10
• Operating System – WINDOWS 2012 R2
• Hostname – TECH-DC01
First, we need to create a Firewall rule on the Windows domain controller.
This firewall rule will allow the ElasticSearch server to query the Active Directory.
On the domain controller, open the application named Windows Firewall with Advanced Security.
Create a new Inbound firewall rule.
Select the PORT option.
Select the TCP option.
Select the Specific local ports option.
Enter the TCP port 389.
Select the Allow the connection option.
Check the DOMAIN option.
Check the PRIVATE option.
Check the PUBLIC option.
Enter a description for the firewall rule.
Congratulations, you have created the required firewall rule.
This rule will allow the ElasticSearch server to query the Active Directory database.
Tutorial Windows – Domain Account Creation
Next, we need to create at least 2 accounts on the Active Directory database.
The ADMIN account will be used to log in to the ElasticSearch server as Superuser.
The BIND account will be used to query the Active Directory database.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new account inside the Users container.
Create a new account named: admin
Password configured to the ADMIN user: 123qwe..
This account will be used to authenticate on the ElasticSearch server.
Create a new account named: bind
Password configured to the BIND user: kamisama123..
This account will be used by Elasticsearch to query the Active Directory.
Congratulations, you have created the required Active Directory accounts.
Tutorial Windows – Domain Group Creation
Next, we need to create at least 2 groups on the Active Directory database.
On the domain controller, open the application named: Active Directory Users and Computers
Create a new group inside the Users container.
Create a new group named: ElasticSearch-Superuser.
Members of this group will have administrative permission on the ElasticSearch server.
Important! Add the admin user as a member of the ElasticSearch-Superuser group.
Create a new group named: ElasticSearch-User.
Members of this group will have user permission on the ElasticSearch server.
Congratulations, you have created the required Active Directory groups.
Tutorial ElasticSearch – LDAP Authentication on Active Directory
Install the required packages.
Verify the license installed on the ElasticSearch server.
Here is the command output:
In our example, we have a basic license installed on the ElasticSearch server.
Enable the trial license on the ElasticSearch server.
Here is the command output:
Stop the ElasticSearch service.
Edit the ElasticSearch configuration file named: elasticsearch.yml
Add the following lines at the end of the file.
Here is the original file, before our configuration.
Here is the file with our configuration.
Locate the command named: ELASTICSEARCH-KEYSTORE
The ElasticSearch server needs to store the credentials of the Active Directory user named BIND.
Enter the Active Directory password for the user named BIND.
Create a configuration file named: role_mapping.yml
Here is the file content.
Set the correct file permissions.
Start the ElasticSearch service.
Test your communication with the ElasticSearch server using the Active Directory credentials.
Here is the command output:
Congratulations! You have configured the ElasticSearch authentication to use the Active Directory.
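As an added illustration (not the configuration from the original page), here is what an LDAP realm in elasticsearch.yml and the matching role_mapping.yml can look like for the accounts and groups created above. The realm name ldap1, the domain components DC=example,DC=local, the /etc/elasticsearch paths, the CA file name and the es_user role are assumptions or placeholders.

```yaml
# --- /etc/elasticsearch/elasticsearch.yml (lines appended at the end) ---
xpack:
  security:
    enabled: true
    authc:
      realms:
        ldap:
          ldap1:                       # realm name is an assumption
            order: 0
            # Port 389 as opened on the domain controller above. Plain ldap://
            # sends the bind and user passwords unencrypted on the wire.
            url: "ldap://192.168.100.10:389"
            # Hardened alternative (needs a DC certificate and TCP 636 open;
            # the CA path below is a placeholder):
            # url: "ldaps://192.168.100.10:636"
            # ssl.certificate_authorities: [ "/etc/elasticsearch/ad-ca.crt" ]
            bind_dn: "CN=bind,CN=Users,DC=example,DC=local"
            # No bind_password here: it is stored in the keystore under
            # xpack.security.authc.realms.ldap.ldap1.secure_bind_password
            user_search:
              base_dn: "DC=example,DC=local"
              filter: "(sAMAccountName={0})"   # match the AD logon name
            group_search:
              base_dn: "DC=example,DC=local"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            unmapped_groups_as_roles: false

# --- /etc/elasticsearch/role_mapping.yml (separate file) ---
# Key = Elasticsearch role, values = AD group DNs whose members receive it.
superuser:
  - "CN=ElasticSearch-Superuser,CN=Users,DC=example,DC=local"
# "es_user" is a hypothetical custom role; define it before mapping to it.
es_user:
  - "CN=ElasticSearch-User,CN=Users,DC=example,DC=local"
```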