Added example configuration for Elasticsearch + Kibana

Kieran
2026-05-09 18:27:45 +01:00
committed by nitnelave
parent a3d4eb04be
commit 68fc426ba3
2 changed files with 57 additions and 0 deletions

@@ -19,6 +19,7 @@ configuration files:
- [Dolibarr](dolibarr.md) - [Dolibarr](dolibarr.md)
- [Duo Auth Proxy](duo_auth_proxy.md) - [Duo Auth Proxy](duo_auth_proxy.md)
- [Ejabberd](ejabberd.md) - [Ejabberd](ejabberd.md)
- [Elasticsearch](elasticsearch.md)
- [Emby](emby.md) - [Emby](emby.md)
- [Ergo IRCd](ergo.md) - [Ergo IRCd](ergo.md)
- [Gerrit](gerrit.md) - [Gerrit](gerrit.md)
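Review bot: the new index entry is labelled only `Elasticsearch`, but the linked `elasticsearch.md` also carries the Kibana setup, so a reader scanning this list for Kibana will not find it. Consider labelling the entry `Elasticsearch / Kibana`, or adding a separate Kibana entry that points at the same file.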

@@ -0,0 +1,56 @@
# Elasticsearch configuration
> ⚠️ Configuring Elasticsearch to use LDAP auth requires a paid licence. Only the `default` and `file` realms are enabled on a Basic licence.
This basic configuration example is for LLDAP auth on [Elastic Cloud on Kubernetes (ECK)](https://www.elastic.co/docs/deploy-manage/deploy/cloud-on-k8s). Advanced configuration can be found in the [Elastic docs](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/ldap).
## Elasticsearch
To perform auth using LLDAP in Elasticsearch, add the following lines to the Elasticsearch spec:
```yaml
spec:
nodesets:
- name: elasticsearch
config:
xpack.security.authc.realms.ldap:
ldap1:
order: 1
enabled: true
url: "ldap://<ip.of.lldap.instance>:3890"
user_dn_templates:
- "uid={0},ou=people,dc=example,dc=com"
bind_dn: "uid=admin,ou=people,dc=example,dc=com"
group_search:
base_dn: "ou=groups,dc=example,dc=com"
unmapped_groups_as_roles: false
secureSettings:
- secretName: elasticsearch-keystore-values
```
Then, create a secret called `elasticsearch-keystore-values`:
```yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: elasticsearch-keystore-values
namespace: elastic
data:
xpack.security.authc.realms.ldap.ldap1.secure_bind_password: base64_encoded_ldap_admin_password
```
## Kibana
To allow Kibana to auth logins using LLDAP, add the following lines to the Kibana spec:
```yaml
spec:
config:
xpack.security.authc.providers:
basic.ldap1:
order: 0
```
Unless doing additional manifest configuration to automatically map, you will need to create a role mapping between an LLDAP role and an Elasticsearch role (e.g. `superuser`). This can be done by logging in using the default `elastic` user created during cluster init and then creating a role mapping in Stack Management. Once created, you will be able to login using LLDAP auth.
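Review bot: the realm `url` is plain `ldap://<ip.of.lldap.instance>:3890` and `bind_dn` is the LLDAP `admin` account, so as written the admin bind password and every user's login password travel to LLDAP unencrypted. Suggest showing an `ldaps://` URL for setups where LLDAP has LDAPS enabled, and binding with a dedicated low-privilege account instead of `uid=admin`. Two smaller points: the Secret hard-codes `namespace: elastic` while the Elasticsearch spec shows no namespace, so the text should say that the Secret must sit in the same namespace as the Elasticsearch resource; and the closing paragraph offers `superuser` as the example role mapping, where a narrower role would be a safer thing for readers to copy.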