Dashboard LDAP user - bootstrap.js 401 unauthorized

Security
1

Hi!

I am using Wazuh v4.3.1, which uses opensearch under the hood. Current version is:
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0

I tried to setup LDAP, which seems to work fine (no error entries in the logs anymore :upside_down_face:)

My Problem is as follows: when I login to the dashboard as LDAP user I only see a white page. This is because as a logged-in user I am suddenly not allowed to access bootstrap.js (HTTP Error 401). When not logged in I am allowed to access the file, when logged in as an internal user I am allowed as well.

Is there anything I am missing?

Best regards,

Marc

2

@msn Not sure about Wazuh, but are you able to check what roles the users is mapped as LDAP user and as internal user?

Below works on opensearch 1.2
curl --insecure -u {username}:{password} -XGET “https://localhost:9200/_opendistro/_security/authinfo?pretty

3

Cool I didn’t know about this API call. It is a great way for me to verify that LDAP works. My user has the “all_access” role. In case that is not a well known role, it means: Cluster permissions: *, Index permissions: *, Tenants: *

"roles" : [
    "own_index",
    "all_access"
  ],
  "tenants" : {
    "global_tenant" : true,
    "admin_tenant" : true,
    "<myusername>" : true
  },
4

@msn if this is the LDAP user, then the access should indeed be there, it would seem it is Wazuh’s implementation that is causing this. I’d recommend to check with them.

5

@Anthony yeah that is the LDAP user. I will try with Wazuh forums then. Thanks for you help.