IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
LdapGroupSearch
editLdapGroupSearch
editThe group search configuration for the Elasticsearch security LDAP realm.
Properties
edit-
base_dn
(string
) - Specifies a container DN to search for groups in which the user has membership
-
filter
(string
) - Specifies a filter to search for a group. When unspecified, the security realm searches for group, groupOfNames, groupOfUniqueNames, or posixGroup with the attributes member, memberOf, or memberUid. Any instance of {0} in the filter is replaced by the user attribute defined in user_attribute.
-
scope
(string
; allowed values: [sub_tree
,one_level
,base
]) - Specifies whether the group search should be sub_tree, one_level or base. one_level only searches objects directly contained within the base_dn. The default sub_tree searches all objects contained under base_dn. base specifies that the base_dn is a group object, and that it is the only group considered.
-
user_attribute
(string
) - Specifies the user attribute that is fetched and provided as a parameter to the filter. When unspecified, the user DN is passed to the filter.
Example
edit{ "base_dn" : "string", "filter" : "string", "scope" : "string", "user_attribute" : "string" }