Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Latest Version - 2.6.*
Describe the issue:
I was just following the online guide to install and setup the OpenSearch. I have not modify any parameter as I wanted to test the commands first.
Until I come to Apply changes using securityadmin.sh, Apply changes - Step 3, all the steps were managed to complete correctly.
However, at this point I got the below error;
Security Admin v7
Will connect to localhost:9200 … done
Connected as “CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA”
ERR: “CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA” is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure opensearch.yml on all nodes contains:
plugins.security.authcz.admin_dn:
- ““CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA””
I am testing in a single node and following is the relevant opensearch.yml configurations;
plugins.security.nodes_dn: CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA
plugins.security.authcz.admin_dn: CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA
Configuration:
plugins.security.nodes_dn: CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA
plugins.security.authcz.admin_dn: CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA
Relevant Logs or Screenshots:
ERR: “CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA” is not an admin user
Seems you use a client certificate but this one is not registered as admin_dn
Make sure opensearch.yml on all nodes contains:
plugins.security.authcz.admin_dn:
- ““CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA””
Can you please help to understand what mistake i have done and help to rectify the issue?
Thanks in advance,
Luke.