elasticsearch 7.12 x-pack 配置ldap
# 安装基础环境
yum install git
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# 拉取docker elasticsearch/kibana 环境
cd /opt
git clone https://github.com/117503445/elasticsearch-deploy.git
# deploy edit password in .env
docker-compose up -d
# 查看日志
docker-compose logs -f
# visit http://localhost:5601
# default username: elastic
# default password: mypassword
# 配置激活x-path 白金版
cd /opt/elasticsearch-deploy
curl -XPUT -u elastic:mypassword 'http://172.22.2.222:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
docker-compose restart
# 检查激活
curl -XPOST -u elastic:mypassword http://172.22.2.222:9200/_license
# 配置ldap
# vim elasticsearch.yml
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
xpack:
security:
authc:
realms:
ldap:
ldap1:
order: 0
url: "ldap://172.22.2.22:389"
bind_dn: "cn=root,ou=管理,ou=企业,dc=tpping,dc=tp"
user_search:
base_dn: "ou=技术,ou=企业,dc=tpping,dc=tp"
filter: "(cn={0})"
group_search:
base_dn: "ou=技术,ou=企业,dc=tpping,dc=tp"
unmapped_groups_as_roles: false
# 配置ldap root用户管理密码
docker exec -it elasticsearch bash
elasticsearch-keystore add xpack.security.authc.realms.ldap.ldap1.secure_bind_password
# 交互式输入密码
docker-compose restart
# 授权chen.da 超级用户权限
curl -X PUT -u elastic:mypassword "http://172.22.2.222:9200/_xpack/security/role_mapping/ldap_super_user1?pretty" -H 'Content-Type: application/json' -d'
{
"roles": [ "superuser" ],
"enabled": true,
"rules": {
"any": [
{
"field": {
"groups" : "ou=运维管理,ou=企业,dc=tpping,dc=tp"
}
}
]
}
}'
# 检查,可以查出license为正常
curl -XGET -u chen.da:ww232ww http://172.22.2.222:9200/_license
-- 引用连接
https://github.com/117503445/elasticsearch-deploy
https://www.117503445.top/2021/05/09/2021-05-09-ElasticSearch Xpack破解/
https://help.aliyun.com/document_detail/149442.html
https://www.jianshu.com/p/7154e80490ad
不断学习