helm-charts
[BUG]Helm deploy ldap connect not working
Hi guys,
I am trying to use LDAP authc with a Helm deployment. Here is my Helm version:
```
NAME              NAMESPACE   REVISION  UPDATED                                 STATUS    CHART                         APP VERSION
opensearch-ds1    opensearch  1         2023-03-17 11:35:19.70864169 +0800 CST  deployed  opensearch-dashboards-2.9.0   2.6.0
opensearch-test1  opensearch  28        2023-03-20 15:46:30.28341651 +0800 CST  deployed  opensearch-2.11.1             2.6.0
```
The first way I tried was to add the LDAP config in values.yaml, like below:
```yaml
securityConfig:
  enabled: true
  path: "/usr/share/opensearch/config/opensearch-security"
  actionGroupsSecret:
  configSecret:
  internalUsersSecret:
  rolesSecret:
  rolesMappingSecret:
  tenantsSecret:
  # The following option simplifies securityConfig by using a single secret and
  # specifying the config files as keys in the secret instead of creating
  # different secrets for each config file.
  # Note that this is an alternative to the individual secret configuration
  # above and shouldn't be used if the above secrets are used.
  config:
    # There are multiple ways to define the configuration here:
    # * If you define anything under data, the chart will automatically create
    #   a secret and mount it.
    # * If you define securityConfigSecret, the chart will assume this secret is
    #   created externally and mount it.
    # * It is an error to define both data and securityConfigSecret.
    securityConfigSecret: ""
    dataComplete: true
    data:
      config.yml: |-
        _meta:
          type: "config"
          config_version: 2
        config:
          dynamic:
            http:
              anonymous_auth_enabled: false
            authc:
              ldap:
                http_enabled: true
                transport_enabled: true
                order: 1
                http_authenticator:
                  type: basic
                  challenge: true
                authentication_backend:
                  type: ldap
                  config:
                    enable_ssl: false
                    enable_start_tls: false
                    enable_ssl_client_auth: false
                    verify_hostnames: false
                    hosts:
                    ...
```
But it is not working.
Then I tried using a k8s secret to mount the config:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: security-config-secret
  namespace: opensearch
type: Opaque
data:
  config.yml: $base64 content
```

```yaml
securityConfig:
  enabled: true
  path: "/usr/share/opensearch/config/opensearch-security"
  actionGroupsSecret:
  configSecret: security-config-secret
  internalUsersSecret:
  rolesSecret:
  rolesMappingSecret:
  tenantsSecret:
  # The following option simplifies securityConfig by using a single secret and
  # specifying the config files as keys in the secret instead of creating
  # different secrets for each config file.
  # Note that this is an alternative to the individual secret configuration
  # above and shouldn't be used if the above secrets are used.
  config:
    # There are multiple ways to define the configuration here:
    # * If you define anything under data, the chart will automatically create
    #   a secret and mount it.
    # * If you define securityConfigSecret, the chart will assume this secret is
    #   created externally and mount it.
    # * It is an error to define both data and securityConfigSecret.
    securityConfigSecret: ""
    dataComplete: true
    data: {}
      # config.yml: |-
```
It is still not working.
There is no error in the OpenSearch cluster, and I can also see the config in /usr/share/opensearch/config/opensearch-security. Is there anything I missed?
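The settings posted above turn off TLS (`enable_ssl`, `enable_start_tls`) and hostname verification for the LDAP connection, so the bind password and each user's password cross the network in cleartext. As an added example (not the poster's or the chart's own configuration), here is the same `authentication_backend` block, which sits under `config.dynamic.authc.ldap`, with transport protection turned on; the host name, DNs, search filter and CA path are placeholder assumptions.

```yaml
# Added example: hardened variant of the posted authentication_backend block.
# Host, DNs, search filter and CA path are placeholders, not values from the issue.
authentication_backend:
  type: ldap
  config:
    # Posted value was enable_ssl: false with enable_start_tls: false (cleartext LDAP).
    enable_ssl: true                 # LDAPS; for StartTLS set enable_start_tls instead, never both
    enable_start_tls: false
    enable_ssl_client_auth: false
    # Posted value was verify_hostnames: false.
    verify_hostnames: true           # server certificate must match the name listed in hosts
    # Assumed path: PEM file holding the CA that signed the LDAP server certificate.
    pemtrustedcas_filepath: /usr/share/opensearch/config/ldap-ca.pem
    hosts:
      - ldap.example.com:636         # placeholder host, LDAPS port
    bind_dn: cn=opensearch-bind,ou=service,dc=example,dc=com   # placeholder service account
    password: "<bind-password>"      # placeholder; keep the real value in the Kubernetes Secret
    userbase: ou=people,dc=example,dc=com
    usersearch: "(uid={0})"          # {0} is replaced with the login name
    username_attribute: uid
```

This covers transport security of the LDAP bind only and is not offered as the cause of the connection problem reported in the issue.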
[Triage] Hey @benbenai7786, I assume you followed the examples from https://github.com/opensearch-project/security/tree/main/config. @peternied, can you please take a look and see what is the missing config to connect to LDAP? Thank you
@benbenai7786 For security configuration issues, try searching for related issues in our forum or creating a new thread for support: https://forum.opensearch.org/c/security/3