LDAP user getting missing role error, then able to login successfully 1 hour later

Hello,

We have a 2.8 cluster with LDAP enabled. Sometimes some of our users experience an issue where they’re able to successfully log in to the cluster, but upon logging in are met with a “missing role” error. Users then wait about an hour, try logging in again, and are able to access the dashboard successfully.

Any recommendations on what the issue could be, or how to investigate this?

Hi @kjk2161,

This sounds like a cache; you can control it with plugins.security.cache.ttl_minutes (the default is 60). Disable caching by setting the value to 0 in opensearch.yml.

For more, please see here: Security settings - OpenSearch Documentation

Best,
mj

Enable logging and monitoring to get more details about user authentication and authorization. Review the log file to see the error- or message-related information.

Make sure that the LDAP group membership is synchronized properly with OpenSearch, and verify that each LDAP user is correctly mapped to the appropriate role with the necessary permissions.
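To turn the two replies above (the cache TTL answer and the role-mapping check) into a concrete diagnostic, here is an added example that is not part of the original thread or of the OpenSearch project. It compares what the Security plugin reported for the affected user (the `GET _plugins/_security/authinfo` response, captured while the "missing role" error was showing) against the current roles mapping (`GET _plugins/_security/api/rolesmapping`), and tells the stale-cache case apart from the no-mapping case. The JSON samples, the user `jdoe`, the LDAP group DNs and the mapping names are constructed for the example; host-based mapping entries are ignored, which is a simplification.

```python
"""Diagnose an OpenSearch Security "missing role" for an LDAP user.

Inputs (constructed samples below; in practice fetched from the cluster):
  GET    _plugins/_security/authinfo          as the affected user
  GET    _plugins/_security/api/rolesmapping  as an admin
Remediation endpoints referenced in the verdicts:
  DELETE _plugins/_security/api/cache         flush the user/role cache now
  plugins.security.cache.ttl_minutes          cache lifetime in opensearch.yml (default 60)
"""
import json
from typing import Dict, List, Set

# Constructed sample: what authinfo returned while the user saw "missing role".
# backend_roles are the LDAP groups the plugin resolved; roles are the security
# roles it mapped them to. An empty roles list is exactly the "missing role" case.
AUTHINFO_JSON = json.dumps({
    "user_name": "jdoe",
    "backend_roles": ["cn=dashboard-users,ou=groups,dc=example,dc=com"],
    "roles": [],
    "custom_attribute_names": [],
})

# Constructed sample rolesmapping (hypothetical mapping names and group DNs).
ROLESMAPPING_JSON = json.dumps({
    "kibana_user": {"reserved": False, "hidden": False, "hosts": [], "users": [],
                    "backend_roles": ["cn=dashboard-users,ou=groups,dc=example,dc=com"],
                    "and_backend_roles": []},
    "readall":     {"reserved": False, "hidden": False, "hosts": [], "users": ["jdoe"],
                    "backend_roles": [], "and_backend_roles": []},
    "all_access":  {"reserved": True, "hidden": False, "hosts": [], "users": [],
                    "backend_roles": ["cn=admins,ou=groups,dc=example,dc=com"],
                    "and_backend_roles": []},
})

REMEDIATION = {
    "no_backend_roles": "LDAP returned no groups: check the authz (group search) section of config.yml.",
    "no_mapping": "No mapping matches this user or their groups: fix rolesmapping.",
    "stale_cache": "Mapping matches but the node served old roles: DELETE _plugins/_security/api/cache "
                   "and/or lower plugins.security.cache.ttl_minutes (0 disables caching).",
    "ok": "Roles match the mapping; look elsewhere (e.g. tenant or index permissions).",
}


def expected_roles(user: str, backend_roles: List[str], rolesmapping: Dict) -> Set[str]:
    """Security roles the current mapping grants to this user.

    Assumption: a mapping matches if the user is listed under `users`, if any
    backend role is listed under `backend_roles`, or if every entry of a
    non-empty `and_backend_roles` is present. `hosts` entries are ignored.
    """
    have = set(backend_roles)
    granted: Set[str] = set()
    for role, m in rolesmapping.items():
        by_user = user in m.get("users", [])
        by_any = bool(have & set(m.get("backend_roles", [])))
        and_roles = set(m.get("and_backend_roles", []))
        by_all = bool(and_roles) and and_roles <= have
        if by_user or by_any or by_all:
            granted.add(role)
    return granted


def diagnose(authinfo_json: str, rolesmapping_json: str) -> Dict[str, object]:
    """Compare the roles the plugin reported with the roles the mapping should yield."""
    info = json.loads(authinfo_json)
    mapping = json.loads(rolesmapping_json)
    actual = set(info.get("roles", []))
    expected = expected_roles(info["user_name"], info.get("backend_roles", []), mapping)
    missing = expected - actual
    if not info.get("backend_roles"):
        verdict = "no_backend_roles"
    elif not expected:
        verdict = "no_mapping"
    elif missing:
        verdict = "stale_cache"
    else:
        verdict = "ok"
    return {"verdict": verdict, "expected": sorted(expected), "actual": sorted(actual),
            "missing": sorted(missing), "remediation": REMEDIATION[verdict]}


if __name__ == "__main__":
    print(json.dumps(diagnose(AUTHINFO_JSON, ROLESMAPPING_JSON), indent=2))
```

Capture the authinfo response at the moment a user reports the error; if you wait until after the TTL has elapsed, the cache entry will already have been refreshed and the comparison will come back clean.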