[英]Integration between ELK and LDAP
I recently got to manage an opensource-based infrastructure composed by multiple Debian servers.我最近开始管理由多个 Debian 服务器组成的基于开源的基础设施。 On some of them, the ELK stack is installed.
其中一些安装了 ELK 堆栈。 I am verifying verify the presence of any integration between ELK and LDAP or other IAMs.
我正在验证 ELK 和 LDAP 或其他 IAM 之间是否存在任何集成。 On the dedicated monitoring node, I looked for IAM-related info into the following configuration files:
在专用监控节点上,我在以下配置文件中查找了 IAM 相关信息:
/etc/elasticsearch/elasticsearch.yaml
/etc/elasticsearch/elasticsearch.yaml
/etc/kibana/kibana.yml
/etc/kibana/kibana.yml
/etc/logstash/logstash.yml
/etc/logstash/logstash.yml
but the only login/account credentials I have been able to find are in the kibana.yml file:但我能找到的唯一登录/帐户凭据在 kibana.yml 文件中:
elasticsearch.username: "username"
elasticsearch.password: "password"
In /etc/kibana/kibana.yml and /etc/elasticsearch/elasticsearch.yml I find the following:在/etc/kibana/kibana.yml和/etc/elasticsearch/elasticsearch.yml 中,我发现以下内容:
xpack.security.enabled: false
which leads me think to the presence of a "xpack" plugin in somehow related to ldap.这让我想到在某种程度上与 ldap 相关的“xpack”插件的存在。 Where should I look for LDAP integration ?
我应该在哪里寻找 LDAP 集成?
Thanks to @Wonka for suggesting the presence of ReadOnlyRest.感谢@Wonka 建议使用 ReadOnlyRest。 I found a readonlyrest.yml in /etc/elasticsearch.
我在 /etc/elasticsearch 中找到了readonlyrest.yml 。 There, the following was present:
在那里,出现了以下内容:
ldaps:
- name: ldap1
host: "ourldapserver.ourdomain"
[...]
Here is where LDAP integration occured.这是 LDAP 集成发生的地方。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.