Wazuh vs LDAP integration setup


Luiz Henrique Silva

Sep 4, 2022, 8:29:27 AM
to Wazuh mailing list

Guys, good morning! 

I'm new to the tool and I'm on a mission to integrate Wazuh with LDAP.

After configuring the config.yml file in the /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml directory, I run the command ./securityadmin.sh -f /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml -icl -nhnv -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -key /etc/wazuh-indexer/certs/admin-key.pem -t config successfully, but integration doesn't work.

Following log:
tail -f /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log
{"date":"2022-09-02T18:33:46.072Z","level":"error","location":"queue:delayApiRequest","message":"An error occurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-09-02T18:36:15.245Z","level":"error","location":"queue:delayApiRequest","message":"An error occurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}

Has anyone seen this error?

Regards,
Luiz Henrique Guimarães.

Jesus Linares

Sep 5, 2022, 1:27:57 AM
to Wazuh mailing list
Hi Luiz,

What identity provider are you using? Could you describe the steps that you did?

The 401 code is an "unauthorized" code. It is probably telling us that the LDAP configuration is not working properly, but it is not the root cause.

In this issue https://github.com/wazuh/wazuh-documentation/issues/2981 we describe different identity providers like:
  • Okta
  • Azure Active Directory
  • PingOne
  • Google
  • Jumpcloud
I hope it helps.

Luiz Henrique Silva

Sep 6, 2022, 11:33:30 AM
to Wazuh mailing list
Hello Jesus Linares, good afternoon. 

I'm trying to perform Wazuh integration with Active Directory. I've already made the settings, as instructed in the config.yml file, but it doesn't work.

Log follows:
{"title":"Wazuh Internal Error","detail":"Timeout executing API request","dapi_errors":{"node01":{"error":"Timeout executing API request","logfile":"WAZUH_HOME/logs/api.log"}},"error":3021}}
{"date":"2022-09-06T11:45:45.257Z","level":"error","location":"queue:delayApiRequest","message":"An error occurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-09-06T11:45:45.264Z","level":"error","location":"queue:delayApiRequest","message":"An error occurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}
{"date":"2022-09-06T12:18:00.230Z","level":"error","location":"queue:delayApiRequest","message":"An error occurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}

Regards,

Luiz Henrique Guimarães.

Jesus Linares

Sep 12, 2022, 1:52:03 AM
to Wazuh mailing list
Hi Luiz,

Sorry for the late reply. We need more details to help you with your issue. Could you share the steps that you followed (do not share confidential information)?

Thanks.

Luiz Henrique Silva

Sep 12, 2022, 10:46:08 AM
to Jesus Linares, Wazuh mailing list
Dear Jesus Linares, good morning!

I do share.

Regards,
Luiz Henrique Silva.



Jesus Linares

Sep 13, 2022, 2:30:32 AM
to Wazuh mailing list
Hi Luiz,

I don't know the steps that you performed, but I will try to help.

Did you configure the roles_mapping.yml file? 

For example, if your LDAP group is wazuh-saml-role, you need to include it in the backend_roles object located in /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml:
all_access:
  reserved: true
  hidden: false
  backend_roles:
  - "wazuh-saml-role"
  hosts: []
  users: []
  and_backend_roles: []


Then, you need to apply that configuration:
./securityadmin.sh -f /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml -icl -nhnv -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -key /etc/wazuh-indexer/certs/admin-key.pem -t config

I hope it helps.
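
A pre-flight check for the mapping described above, as an added example that is not part of the original post: it lists the backend roles a roles_mapping.yml assigns to one role and tests a group name for an exact match. The function names and the sample file are constructed for illustration, and the parser assumes block-style lists like the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread): report which backend roles a
# roles_mapping.yml maps to a role before pushing it with securityadmin.sh.
# Assumes block-style YAML lists; inline lists ([a, b]) are not parsed.

# backend_roles_for ROLE FILE -> one backend role per line
backend_roles_for() {
    awk -v role="$1" '
        /^[^ #-][^:]*:/ {                       # top-level key: a new role entry
            key = $0; sub(/:.*/, "", key)
            in_role = (key == role); in_list = 0; next
        }
        in_role && /^ +backend_roles:/ { in_list = 1; next }
        in_role && in_list && /^ +- / {         # list item under backend_roles
            v = $0; sub(/^ +- */, "", v); sub(/[ \t\r]+$/, "", v)
            gsub(/^"|"$/, "", v); print v; next
        }
        /^ +[A-Za-z_]+:/ { in_list = 0 }        # any other key ends the list
    ' "$2"
}

# is_mapped ROLE GROUP FILE -> exit 0 only on an exact, case-sensitive match
is_mapped() {
    backend_roles_for "$1" "$3" | grep -Fxq -- "$2"
}

# Constructed sample, using the group name from the post above.
write_sample() {
    cat > "$1" <<'EOF'
---
_meta:
  type: "rolesmapping"
all_access:
  backend_roles:
  - "admin"
  - "wazuh-saml-role"
  and_backend_roles: []
kibana_user:
  backend_roles:
  - "kibanauser"
EOF
}

sample=$(mktemp); write_sample "$sample"
for g in wazuh-saml-role Wazuh-SAML-Role kibanauser; do
    is_mapped all_access "$g" "$sample" && echo "$g: mapped" || echo "$g: NOT mapped"
done
rm -f "$sample"
```
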


Luiz Henrique Silva

Sep 18, 2022, 7:40:39 AM
to Wazuh mailing list
Dear Jesus Linares, good morning! Sorry for the delay in responding. Yes, I configured the "role_mapping" file and then ran the following command:
---
_meta:
  type: "rolesmapping"
  config_version: 2
all_access:
  reserved: false
  hidden: false
  backend_roles:
  - "admin"
  - "DeskAdmin"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to all_access"
"/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml" 72L, 1253C

"/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h x.x.x.x -icl"

./securityadmin.sh -f /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml -icl -nhnv -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -key /etc/wazuh-indexer/certs/admin-key.pem -t config

Both commands were executed, but without success.

Regards,
Luiz Henrique Guimarães.

Jesus Linares

Sep 20, 2022, 1:35:16 AM
to Wazuh mailing list
Hi Luiz,

Could you share the output of the following commands? 
  • grep ldap /var/log/wazuh-indexer/opensearch.log 
  • grep -i -E "ERR|WARN" /var/log/wazuh-indexer/opensearch.log
Please, check that the output doesn't contain sensitive information.

Thanks.
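
A first pass at what this reply asks for, as an added example that is not part of the original post: it combines the two grep filters and masks IP addresses, LDAP URL hosts and distinguished names before the output is shared. The function names, masking rules and sample lines are constructed for illustration; user names and other values still need a manual check.

```shell
#!/bin/sh
# Added example (not from the thread): gather the lines requested above and
# mask addresses, LDAP hosts and distinguished names before posting them.
# Both filters are applied case-insensitively here, a superset of the two greps.

# triage_log FILE -> lines matching ldap/ERR/WARN, with identifying values masked
triage_log() {
    grep -i -E 'ldap|ERR|WARN' "$1" | sed -E \
        -e 's#(ldaps?://)[^ /:,"]+#\1<host>#g' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/<ip>/g' \
        -e 's/([A-Za-z]+=[^,="]+,)+[A-Za-z]+=[^,=" ]+/<dn>/g'
}

# Constructed sample lines; the format only approximates opensearch.log.
write_sample_log() {
    cat > "$1" <<'EOF'
[2022-09-20T08:12:01,100][INFO ][o.o.n.Node] [node-1] started
[2022-09-20T08:12:05,231][WARN ][LDAPAuthorizationBackend] [node-1] Unable to connect to ldaps://dc01.corp.example:636
[2022-09-20T08:12:06,002][ERROR][LDAPAuthenticationBackend] [node-1] bind failed for CN=svc wazuh,OU=Service,DC=corp,DC=example
[2022-09-20T08:12:09,870][WARN ][BackendRegistry] [node-1] Authentication finally failed for jdoe from 10.0.0.7:53422
EOF
}

log=$(mktemp)
write_sample_log "$log"
triage_log "$log"
rm -f "$log"
```
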