Would you like to learn how to configure ElasticSearch LDAP authentication against Active Directory? In this tutorial, we are going to show you how to authenticate ElasticSearch users against Microsoft Active Directory using the LDAP protocol.

• Ubuntu 18
• Ubuntu 19
• ElasticSearch 7.6.2
• Windows 2012 R2

In our example, the ElasticSearch server IP address is 192.168.100.7.

In our example, the domain controller IP address is 192.168.100.10.

Tutorial Windows – Domain Controller Firewall

• IP – 192.168.100.10
• Operating System – WINDOWS 2012 R2
• Hostname – TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the ElasticSearch server to query the Active Directory.

On the domain controller, open the application named Windows Firewall with Advanced Security.

Create a new Inbound firewall rule.

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

Select the Allow the connection option.

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description for the firewall rule.

Congratulations, you have created the required firewall rule.

This rule will allow the ElasticSearch server to query the Active Directory database.

Tutorial Windows – Domain Account Creation

Next, we need to create at least 2 accounts on the Active Directory database.

The ADMIN account will be used to log in to the ElasticSearch server as a superuser.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Create a new account named: admin

Password configured to the ADMIN user: 123qwe..

This account will be used to authenticate on the ElasticSearch server.

Create a new account named: bind

Password configured to the BIND user: kamisama123..

This account will be used by Elasticsearch to query the Active Directory.

Congratulations, you have created the required Active Directory accounts.

Tutorial Windows – Domain Group Creation

Next, we need to create at least 2 groups on the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new group inside the Users container.

Create a new group named: ElasticSearch-Superuser.

Members of this group will have the administrative permission on the ElasticSearch server.

Important! Add the admin user as a member of the ElasticSearch-Superuser group.

Create a new group named: ElasticSearch-User.

Members of this group will have the user permission on the ElasticSearch server.

Congratulations, you have created the required Active Directory groups.

Tutorial ElasticSearch – LDAP Authentication on Active Directory

Install the required packages.

Verify the license installed on the ElasticSearch server.

Here is the command output:

In our example, we have a basic license installed on the ElasticSearch server.

Enable the trial license on the ElasticSearch server.

Here is the command output:

Stop the ElasticSearch service.

Edit the ElasticSearch configuration file named: elasticsearch.yml

Add the following lines at the end of the file.

Here is the original file, before our configuration.

Here is the file with our configuration.

Locate the command named: ELASTICSEARCH-KEYSTORE

The ElasticSearch server needs to store the credentials of the Active Directory user named BIND.

Enter the Active Directory password for the user named BIND.

Create a configuration file named: role_mapping.yml

Here is the file content.

Set the correct file permissions.

Start the ElasticSearch service.

Test your communication with the ElasticSearch server using the Active Directory credentials.

Here is the command output:

Congratulations! You have configured the ElasticSearch authentication to use the Active Directory.
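
For reference, here is a sketch of an LDAP realm in elasticsearch.yml and the matching role_mapping.yml for the bind account and the two groups created above. It is an added example, not the tutorial's original files. The realm name ldap1, the domain example.local, the /etc/elasticsearch paths (the Debian package default) and the choice of the built-in kibana_user role for ElasticSearch-User are assumptions.

```yaml
# ---- /etc/elasticsearch/elasticsearch.yml (appended at the end) ----
# Assumed: realm name "ldap1", placeholder domain example.local.
xpack:
  security:
    enabled: true
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            # Plain LDAP on TCP 389, the port opened in the firewall rule.
            # Bind and user passwords cross the network unencrypted here.
            url: "ldap://192.168.100.10:389"
            bind_dn: "CN=bind,CN=Users,DC=example,DC=local"
            # The bind password is not written in this file. It goes in the
            # keystore, under the setting name:
            #   xpack.security.authc.realms.ldap.ldap1.secure_bind_password
            user_search:
              base_dn: "DC=example,DC=local"
              filter: "(sAMAccountName={0})"   # match the AD logon name
            group_search:
              base_dn: "DC=example,DC=local"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
            # Only groups listed in role_mapping.yml grant a role.
            unmapped_groups_as_roles: false
            # Encrypted alternative: LDAPS on TCP 636. Needs its own inbound
            # firewall rule and the CA that signed the DC certificate
            # (hostname and CA path below are placeholders).
            # url: "ldaps://TECH-DC01.example.local:636"
            # ssl:
            #   certificate_authorities: [ "/etc/elasticsearch/ad-ca.crt" ]
---
# ---- /etc/elasticsearch/role_mapping.yml ----
# Format: <elasticsearch role>: list of group (or user) DNs.
superuser:
  - "CN=ElasticSearch-Superuser,CN=Users,DC=example,DC=local"
kibana_user:   # assumed role for ordinary users; replace with your own
  - "CN=ElasticSearch-User,CN=Users,DC=example,DC=local"
```

The `---` separator and the file-name comments only mark where one file ends and the next begins; each part goes into its own file.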