searchguard.authentication.authentication_backend.cache.enable: true
209 views
Skip to first unread message
koup...@gmail.com
Jun 10, 2015, 7:44:02 PM6/10/15
to search...@googlegroups.com
Hi,
searchguard.authentication.authentication_backend.cache.enable: true
searchguard.authentication.authorizer.cache.enable: true
Are these cache config keys applicable to LDAPAuthentication & LDAPAuthorization as well?
I keep find logon info at ldap server's event view log.
SG
Jun 11, 2015, 4:16:42 PM6/11/15
to search...@googlegroups.com
yes, caching should also work for ldap authn/authz
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dab71e00-bb02-47da-b364-1b071ba3eb4f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dab71e00-bb02-47da-b364-1b071ba3eb4f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
koup...@gmail.com
Jun 11, 2015, 9:23:06 PM6/11/15
to search...@googlegroups.com
Enter code here...Hi,
From TRACE, I do see that there GuavaCachingAuthorizator for roles, but not seeing Authn
Also, logon info on ldap server even view.
Is there any config or setting that i'm missing other than
searchguard.authentication.authentication_backend.cache.enable: true
searchguard.authentication.authorizer.cache.enable: true
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Path: GET /XXXX/XXX/_search
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Headers: [Host=10.x.xx.xxx:9200, Connection=keep-alive, CSP=active, Cache-Control=no-cache, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36, Authorization=Basic zzzzzzz=, Postman-Token=24b12e74-b7f0-b5e7-85dc-de93f9fdd5f1, Accept=*/*, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8]
[2015-06-11 14:34:47,419][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Source:
[2015-06-11 14:34:47,420][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from 10.x.xx.xx
[2015-06-11 14:34:47,451][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator]
Connect to 10.x.xx.xxx:389[2015-06-11 14:34:47,912][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Disconnect CN=x,CN=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,924][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:34:47,929][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Try to authenticate dn CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,934][DEBUG][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Authenticated username CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,936][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Return roles from cache for com.floragunn.searchguard.authentication.AuthCredentials@8b265980
[2015-06-11 14:34:47,936][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Populate roles to cache for Tuple [v1=User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[]], v2=com.floragunn.searchguard.authentication.AuthCredentials@8b265980]
[2015-06-11 14:34:47,943][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:34:47,951][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] CN=x,OU=y,DC=z,DC=LOCAL is a valid DN
[2015-06-11 14:34:47,966][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] User found with DN CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:34:47,967][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] User roles count: 1
[2015-06-11 14:34:47,973][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] non user roles count: 1
[2015-06-11 14:34:47,979][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]' is authenticated
[2015-06-11 14:34:47,979][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Authentication finished
[2015-06-11 14:34:47,980][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]
Enter code here...[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Path: GET /XXXX/XXX/_search
[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Headers: [Host=10.x.xx.xxx:9200, Connection=keep-alive, CSP=active, Cache-Control=no-cache, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36, Authorization=Basic zzzzzzz=, Postman-Token=070dc4d5-d376-56da-27d9-8d23420082d4, Accept=*/*, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8]
[2015-06-11 14:35:02,563][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Source:
[2015-06-11 14:35:02,563][DEBUG][com.floragunn.searchguard.rest.DefaultRestFilter] This is a connection from 10.x.xx.xx
[2015-06-11 14:35:02,569][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:35:02,583][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Disconnect CN=x,CN=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,589][TRACE][com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator] Connect to 10.x.xx.xxx:389
[2015-06-11 14:35:02,594][TRACE][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Try to authenticate dn CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,598][DEBUG][com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend] Authenticated username CN=x,OU=y,DC=z,DC=LOCAL
[2015-06-11 14:35:02,599][TRACE][com.floragunn.searchguard.authorization.GuavaCachingAuthorizator] Return roles from cache for com.floragunn.searchguard.authentication.AuthCredentials@8b265980
[2015-06-11 14:35:02,599][DEBUG][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] User 'User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]' is authenticated
[2015-06-11 14:35:02,599][TRACE][com.floragunn.searchguard.rest.DefaultRestFilter] Authentication finished
[2015-06-11 14:35:02,599][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=CN=x,OU=y,DC=z,DC=LOCAL, roles=[Elasticsearch Admin]]
SG
Jul 1, 2015, 9:41:00 AM7/1/15
to search...@googlegroups.com
bug confirmed, will be fixed with the next versions
thanks a lot!
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0ad16fd0-fea3-4c62-85f5-788fca01c4ab%40googlegroups.com.
thanks a lot!
SG
Jul 1, 2015, 10:44:43 AM7/1/15
to search...@googlegroups.com
see https://github.com/floragunncom/search-guard/issues/27
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/B2E0501C-B735-4BD3-9007-DE1DC528744F%40search-guard.com.
Reply all
Reply to author
Forward
0 new messages