I added xxx internal user through the OpenSearch UI and I’m now trying to do any kind of operation with said user, but OpenSearch doesn’t seem to recognize him; instead, it is looking for him elsewhere (LDAP server).
Configuration:
Relevant Logs or Screenshots:
No ‘Authorization’ header, send 401 and ‘WWW-Authenticate Basic’
[2023-06-20T13:41:35,730][WARN ][c.a.d.a.l.b.LDAPAuthorizationBackend] [opensearch-cluster-ingest-2] In order to disable host name verification for LDAP connections (verify_hostnames: true), you also need to set set the system property com.sun.jndi.ldap.object.disableEndpointIdentification to true when starting the JVM running OpenSearch. This applies for all Java versions released since July 2018.
[2023-06-20T13:41:35,810][ERROR][o.o.s.a.BackendRegistry ] [opensearch-cluster-ingest-2] Cannot retrieve roles for User [name=xxx, backend_roles=[ingest], requestedTenant=null] from ldap due to OpenSearchSecurityException[OpenSearchSecurityException[No user xxx found]]; nested: OpenSearchSecurityException[No user xxx found];
org.opensearch.OpenSearchSecurityException: OpenSearchSecurityException[No user xxx found]
@vmm-afonso If you use more than one authentication domain, the OpenSearch security plugin will try to authenticate against all of them in the defined order.
That’s why you see the observed errors in the OpenSearch logs. It’s not a bug, this is how the security plugin works by design.
In regards to the internal user: did you assign any roles to that user? If so, could you share the corresponding entries from roles.yml and roles_mapping.yml, and the user’s name?
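
Added example, not part of the thread and not the poster's configuration (which was not shared): a constructed security plugin `config.yml` sketch showing an internal domain tried before an LDAP domain, plus an LDAP authorization backend like the one named in the log. Host names, DNs and domain names are placeholders; `skip_users` is the setting that excludes listed users from the LDAP role lookup.

```yaml
# Constructed sketch; host names, DNs and domain names are placeholders.
config:
  dynamic:
    authc:
      internal_auth_domain:          # tried first (lowest order)
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false           # no 401 yet, let later domains try
        authentication_backend:
          type: internal             # internal user database
      ldap_auth_domain:              # tried next if the internal lookup fails
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: basic
          challenge: true            # sends 401 / WWW-Authenticate Basic
        authentication_backend:
          type: ldap
          config:
            hosts: ["ldap.example.internal:636"]
            enable_ssl: true
            verify_hostnames: true
            userbase: "ou=people,dc=example,dc=internal"
            usersearch: "(uid={0})"
    authz:
      ldap_roles:                    # role lookup runs for every authenticated user
        http_enabled: true
        transport_enabled: true
        authorization_backend:
          type: ldap
          config:
            hosts: ["ldap.example.internal:636"]
            enable_ssl: true
            verify_hostnames: true
            userbase: "ou=people,dc=example,dc=internal"
            usersearch: "(uid={0})"
            rolebase: "ou=groups,dc=example,dc=internal"
            rolesearch: "(member={0})"
            skip_users:              # internal-only accounts: no LDAP role lookup
              - "xxx"
```

With the user skipped in the LDAP authorization backend, its permissions come only from the backend roles set on the internal user and the entries in roles_mapping.yml.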