Created
September 20, 2013 14:50
-
-
Save xorpaul/6638695 to your computer and use it in GitHub Desktop.
First try to enable user authentication for different Elasticsearch indices
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You need to point the kibana config.js to this vHost with the correct port! | |
| In this case | |
| ``` | |
| $ grep elas config.js | |
| elasticsearch: "http://elasticsearch", | |
| ``` | |
| Then have ES only listen on localhost, so that everyone need to go though this | |
| Host: | |
| ``` | |
| <VirtualHost <%= ipaddress %>:80> | |
| ServerName elasticsearch | |
| ServerAdmin root@localhost | |
| <LocationMatch "/[^/]*foobar[^/]*/"> | |
| AuthType Basic | |
| AuthName elasticsearch | |
| AuthBasicProvider ldap | |
| AuthLDAPURL ldaps://<%= ldap_stuff %>?uid?sub?(objectClass=person) | |
| AuthzLDAPAuthoritative on | |
| AuthLDAPGroupAttributeIsDN on | |
| AuthLDAPGroupAttribute uniquemember | |
| AuthLDAPCompareDNOnServer off | |
| AuthLDAPBindDN <%= ldap_bindn %> | |
| AuthLDAPBindPassword <%= ldap_password %> | |
| Require valid-user | |
| </LocationMatch> | |
| ProxyPass / http://localhost:9200/ | |
| ProxyPassReverse / http://localhost:9200/ | |
| LogLevel debug | |
| CustomLog ${APACHE_LOG_DIR}/elasticsearch-access.log combined | |
| ErrorLog ${APACHE_LOG_DIR}/elasticsearch-error.log | |
| </VirtualHost> | |
| # vim: ft=apache syn=apache ts=2 sw=2 | |
| ``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Doesn't work for me.
Kibana's Javascript tries to query the protected indices and fails to pop up any password prompt for the user and just gives up.
http://i.imgur.com/R6h9R02.png