Opendistro: v1.9.0
I have been adding certain users via the internalusers REST API call and this results in the successful creation of the user. For Kibana access I am authenticating front-end users via LDAP, so ‘basic_internal_auth_domain’ at order 4 and ‘ldap’ at order 5 are set up in config.xml.
When the internal users are created via the API calls, I see the following in the logs.
[2020-12-29T12:05:33,409][ERROR][c.a.o.s.a.BackendRegistry] [odfe-cluster1] Cannot retrieve roles for User [name=mytestuser, backend_roles=[mytestrole], requestedTenant=null] from ldap due to ElasticsearchSecurityException[ElasticsearchSecurityException[No user mytestuser found]]; nested: ElasticsearchSecurityException[No user mytestuser found];
org.elasticsearch.ElasticsearchSecurityException: ElasticsearchSecurityException[No user mytestuser found]
Am I correct in thinking the only way to resolve the throwing of this ERROR is to also add the user to the skip_users: section of authz (ldap)?
It seems odd that you can create internal users through the API, yet have them throw the error above, and have to resolve this by adding the user to config.xml and running securityadmin.sh (being careful not to then reset all the permissions).
If this is the case, then I guess a workaround is to prefix all internal users with ‘int_’, and then use a regex pattern in the skip_users section to match ‘/int_\S*/’?
Have others run into a similar issue?
Thanks, Will.
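A way to check, from the logs, which users a proposed skip_users list would still leave hitting the LDAP role lookup, as an added example that is not part of the original post. The function names and the second and third log lines are constructed, and the matching rule (entries wrapped in slashes are full-match regexes, anything else is a `*`/`?` wildcard) is an assumption about how skip_users entries are evaluated.

```python
import re

# Sample log: the first line is the one quoted in the post, the other two are constructed.
SAMPLE_LOG = """\
[2020-12-29T12:05:33,409][ERROR][c.a.o.s.a.BackendRegistry] [odfe-cluster1] Cannot retrieve roles for User [name=mytestuser, backend_roles=[mytestrole], requestedTenant=null] from ldap due to ElasticsearchSecurityException[ElasticsearchSecurityException[No user mytestuser found]]; nested: ElasticsearchSecurityException[No user mytestuser found];
[2020-12-29T12:06:01,120][ERROR][c.a.o.s.a.BackendRegistry] [odfe-cluster1] Cannot retrieve roles for User [name=int_reporting, backend_roles=[reports], requestedTenant=null] from ldap due to ElasticsearchSecurityException[ElasticsearchSecurityException[No user int_reporting found]]; nested: ElasticsearchSecurityException[No user int_reporting found];
[2020-12-29T12:06:02,001][INFO ][o.e.n.Node] [odfe-cluster1] started
"""

# Matches the BackendRegistry error and captures the user name from "User [name=...,".
ROLE_LOOKUP_FAILURE = re.compile(
    r"\[ERROR\]\[c\.a\.o\.s\.a\.BackendRegistry\].*?"
    r"Cannot retrieve roles for User \[name=([^,\]]+),.*? from ldap due to"
)

def users_failing_ldap_authz(log_text):
    """Return the distinct user names whose LDAP role lookup failed, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = ROLE_LOOKUP_FAILURE.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def is_skipped(user, skip_users):
    """Assumed rule: /.../ entries are full-match regexes, others are * and ? wildcards."""
    for pattern in skip_users:
        if len(pattern) > 2 and pattern.startswith("/") and pattern.endswith("/"):
            regex = pattern[1:-1]
        else:
            # Translate the wildcard form into an equivalent regex.
            regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, user):
            return True
    return False

def uncovered_users(log_text, skip_users):
    """Users that would still reach the LDAP authz backend with this skip_users list."""
    return [u for u in users_failing_ldap_authz(log_text) if not is_skipped(u, skip_users)]

if __name__ == "__main__":
    # Proposed list: one literal entry plus the prefix regex from the post.
    print(uncovered_users(SAMPLE_LOG, ["kibanaserver", r"/int_\S*/"]))
```

Any name this reports is an account that does not follow the prefix convention and would keep producing the error until it is renamed or listed explicitly.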