How to enable LDAP Authantication sequence for HTTP to enabled status?

Hello, I am trying to update the ldap config of the elasticsearch 7.10.2 version we are currently using. But even though it is edited in “/elasticsearch/plugins/opendistro_security/securityconfig/config.yml” directory on all elasticsearch servers, I can’t see it from the kibana interface, I can also throw the configs if necessary. Thanks in advance.

@ahmet There is no need to update the config.yml on all nodes. The config.yml only needs to be updated on 1 node, but the important step is to load it into the security index.

Once the config.yml is updated on the specific node, upload it using securityadmin.sh script located in “/elasticsearch/plugins/opendistro_security/tools”,
You will need to specify the admin certificate, key and root-ca, see example below.

./securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -icl -nhnv -cacert /usr/share/elasticsearch/config/certs/root-ca.pem -cert /usr/share/elasticsearch/config/certs/admin-crt.pem -key /usr/share/elasticsearch/config/certs/admin-key.pem

Above will load all the config from securityconfig directory and will overwrite any changes that were done via kibana. If you want to backup those changes first, you can retrieve and save the config first, by adding “-r” flag to the command.

Further details can be found here

1 Like

Thanks for reply @Anthony , it works :+1: