Search Guard admin user vs certificate


rud

Aug 3, 2018, 5:05:43 PM
to Search Guard Community Forum
When asking questions, please provide the following information:

* Search Guard and Elasticsearch version: 6
* Installed and used enterprise modules, if any: Kibana
* JVM version and operating system version: 1.8
* Search Guard configuration files 
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any


Can't I use the same certificate here? I would appreciate it if you could help me understand the below.

sg_roles_mapping.yml
sg_all_access:
  users:
  - "CN=bdsys,O=X,L=xxx,ST=xx,C=x"
  
elasticsearch.yml
  searchguard.authcz.admin_dn:
  - "CN=bd-admin,O=X,L=xxx,ST=xx,C=x"

curl -k --cert bdsys:**** -sS -XGET 'https://devxxxxx.com:xxx/_searchguard/authinfo?pretty'
{
  "user" : "User [name=bdsys, roles=[], requestedTenant=null]",
  "user_name" : "bdsys",
  "user_requested_tenant" : null,
  "remote_address" : "xxxxx:56276",
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "sg_roles" : [
    "sg_all_access",
    "sg_own_index"
  ],
  "sg_tenants" : {
    "test_tenant_ro" : true,
    "adm_tenant" : true,
    "bdmsys" : true
  },
  "principal" : "CN=bdsys,O=xx,L=xxx,ST=xxx,C=xxx",
  "peer_certificates" : "2"
}

Fabien Wernli

Aug 6, 2018, 3:09:46 AM
to Search Guard Community Forum
You can use the same certificate for sgadmin and curl

Cam McKenzie

Aug 6, 2018, 3:53:13 AM
to search...@googlegroups.com
Hi Fabien 
I was trying to give it less authorisation than the admin account not more :-)


On Mon., 6 Aug. 2018, 5:09 pm Fabien Wernli, <swis...@gmail.com> wrote:
You can use the same certificate for sgadmin and curl


Fabien Wernli

Aug 7, 2018, 10:05:15 AM
to Search Guard Community Forum
What's your question?