Troubles getting LDAP working

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
v 2.11.1 (Docker)

Describe the issue:
Getting a headache while setting up the LDAP integration in OpenSearch.
First there were issues, as the OpenSearch-provided docker-compose had the wrong file path for config.yml etc. Then there were the file permissions.
Now I can't get OpenSearch to read the config.yml. Every time I restart the server it seems like it's reading the default config, even though Docker has mounted the modified config.
I found that there is some script called “securityadmin.sh” that should be executed after config changes. Is this mandatory?
The whole LDAP setup is a real pain, as the documentation is lacking or has false information. Has anyone got it working?

Configuration:
The config.yml I am using is based on the template provided by Active Directory and LDAP - OpenSearch Documentation.

Of course with correct LDAP settings.

Relevant Logs or Screenshots:

Hi @zumi,

Yes, the “securityadmin.sh” is necessary to apply the configuration.

A sample securityadmin.sh invocation is below (with demo certificates):

./securityadmin.sh -cd /etc/opensearch/config/opensearch-security \
  -icl -cacert /etc/opensearch/root-ca.pem -cert /etc/opensearch/kirk.pem \
  -key /etc/opensearch/kirk-key.pem -nhnv

Could you please execute the below and share the output?

curl --insecure -u <admin_user>:<admin_password> -XGET https://<OS_node>:9200/_plugins/_security/api/securityconfig?pretty

Would you mind sharing your config.yml as well?

Note: make sure to “blank” all sensitive data when sharing anything on the forum.

Thanks,
mj

Hello!
Sorry for the late response. I ran the securityadmin.sh with the certificates. I had to change the folder paths due to the Docker implementation.

After a few tries I got this, and LDAPS seems to be activated, but logins are not working:

[opensearch@05f5c18f7117 tools]$ ./securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/ -icl -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/admin.pem -key /usr/share/opensearch/config/admin-key.pem -nhnv
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA"
OpenSearch Version: 2.11.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch-cluster
Clusterstate: GREEN
Number of nodes: 2
Number of data nodes: 2
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/opensearch/plugins/opensearch-security/securityconfig/
Will update '/config' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/config.yml
   SUCC: Configuration for 'config' created or updated
ERR: Seems /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles.yml (No such file or directory)
Will update '/rolesmapping' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /usr/share/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
ERR: Seems /usr/share/opensearch/plugins/opensearch-security/securityconfig/action_groups.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/opensearch/plugins/opensearch-security/securityconfig/action_groups.yml (No such file or directory)
ERR: Seems /usr/share/opensearch/plugins/opensearch-security/securityconfig/tenants.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/opensearch/plugins/opensearch-security/securityconfig/tenants.yml (No such file or directory)
ERR: Seems /usr/share/opensearch/plugins/opensearch-security/securityconfig/nodes_dn.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/opensearch/plugins/opensearch-security/securityconfig/nodes_dn.yml (No such file or directory)
ERR: Seems /usr/share/opensearch/plugins/opensearch-security/securityconfig/whitelist.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/opensearch/plugins/opensearch-security/securityconfig/whitelist.yml (No such file or directory)
ERR: cannot upload configuration, see errors above

There are multiple files missing, but there is no documentation that these should even exist. Does the script need those, or are they just informative errors?

Hi @zumi,

You will need the roles.yml and roles_mapping.yml files to map roles from your LDAP to OpenSearch roles.

Did you manage to make it work, or do you still have some outstanding issues? If yes, would you mind sharing your latest status?

Thanks,
mj
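
The FileNotFoundException lines in the securityadmin.sh output above each name a file the tool expected to find in the -cd directory. As an added example (not code from the thread's posters or from the OpenSearch project), here is a small POSIX shell preflight that lists which of those files are absent before the tool is run, so an incomplete directory is caught up front instead of after a partial upload. The file list is taken from the error output quoted in the thread; the sample directory the script builds is constructed to mirror the poster's situation (only config.yml, roles_mapping.yml and internal_users.yml present).

```shell
#!/usr/bin/env sh
# Preflight check for securityadmin.sh -cd <dir>.
# Added example, not part of the OpenSearch project or of this thread's posts.
# The expected file names come from the securityadmin.sh output quoted in the thread.

SECURITY_CONFIG_FILES="config.yml roles.yml roles_mapping.yml internal_users.yml action_groups.yml tenants.yml nodes_dn.yml whitelist.yml"

# Prints the names of expected files that are absent from directory $1, one per line.
# Returns 0 when every file is present, 1 when at least one is missing.
check_security_config_dir() {
    dir=$1
    missing=0
    for f in $SECURITY_CONFIG_FILES; do
        if [ ! -f "$dir/$f" ]; then
            echo "$f"
            missing=1
        fi
    done
    return $missing
}

# Counts how many expected files are missing from directory $1.
count_missing() {
    check_security_config_dir "$1" | wc -l | tr -d ' '
}

# Builds a constructed sample directory mirroring the thread: only three files exist.
# Prints the path of the temporary directory.
make_sample_dir() {
    d=$(mktemp -d)
    for f in config.yml roles_mapping.yml internal_users.yml; do
        : > "$d/$f"
    done
    echo "$d"
}

# Run with --demo to see the check against the constructed sample directory.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_dir)
    echo "Checking $sample"
    if check_security_config_dir "$sample"; then
        echo "All files present; safe to run securityadmin.sh -cd $sample ..."
    else
        echo "The files listed above are missing; securityadmin.sh would report FileNotFoundException for each and refuse to upload."
    fi
    rm -rf "$sample"
fi
```

Point check_security_config_dir at the real securityconfig directory mounted into the container (in the thread, /usr/share/opensearch/plugins/opensearch-security/securityconfig/) before invoking securityadmin.sh; a non-zero return means the upload would fail the same way the quoted output did.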