IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
ActiveDirectorySettings
editActiveDirectorySettings
editElasticsearch Security Active Directory realm configuration
Properties
edit-
bind_anonymously
(boolean
, required) - When true, bindDb credentials are ignored
-
bind_dn
(string
) - The distinguished name of the user that is used to bind to the Active Directory and perform searches.
-
bind_password
(string
) - The user password that is used to bind to the Active Directory server.
-
certificate_url
(string
) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/active_directory/:id/truststore', where :id is the value of the [id] field.
-
certificate_url_truststore_password
(string
) - The password to the certificate bundle URL truststore
-
certificate_url_truststore_type
(string
; allowed values: [jks
,PKCS12
]) - The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
-
domain_name
(string
, required) - Specifies the domain name of the Active Directory (the forest root domain name).
-
enabled
(boolean
) - When true, enables the security realm
-
group_search
(ActiveDirectoryGroupSearch
) - The Active Directory group search configuration
-
id
(string
, required) - The identifier for the security realm
-
load_balance
(ActiveDirectorySecurityRealmLoadBalance
) - The Active Directory load balancing behavior
-
name
(string
, required) - The friendly name of the security realm
-
order
(integer
asint32
) - The order that the security realm is evaluated
-
override_yaml
(string
) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.active_directory.{realm_id}' prefix. For example, when the realm ID is set to 'ad1', the advanced configuration 'xpack.security.authc.realms.active_directory.ad1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
-
role_mappings
(ActiveDirectorySecurityRealmRoleMappingRules
) - The role mapping rules associated with the security realm
-
urls
(array[
string
, required)]
- The Active Directory URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
-
user_search
(ActiveDirectoryUserSearch
) - The Active Directory user search configuration.
Example
edit{ "bind_anonymously" : true, "bind_dn" : "string", "bind_password" : "string", "certificate_url" : "string", "certificate_url_truststore_password" : "string", "certificate_url_truststore_type" : "string", "domain_name" : "string", "enabled" : true, "group_search" : { "base_dn" : "string", "scope" : "string" }, "id" : "string", "load_balance" : { "cache_ttl" : "string", "type" : "string" }, "name" : "string", "order" : 0, "override_yaml" : "string", "role_mappings" : { "default_roles" : [ "string" ], "rules" : [ { "roles" : [ "string" ], "type" : "string", "value" : "string" } ] }, "urls" : [ "string" ], "user_search" : { "base_dn" : "string", "filter" : "string", "scope" : "string" } }