IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
LdapSettings
The configuration for the Elasticsearch security LDAP realm.
Properties
- bind_anonymously (boolean, required) - When true, bindDb credentials are ignored
- bind_dn (string) - The distinguished name of the user that is used to bind to the LDAP and perform searches. Only used when bind_type is set to 'user_search'.
- bind_password (string) - The user password that is used to bind to the LDAP server. Only used when bind_type is set to 'user_search'.
- bind_type (string; allowed values: [user_search, user_templates], required) - The type of user binding to apply
- certificate_url (string) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/ldap/:id/truststore', where :id is the value of the [id] field.
- certificate_url_truststore_password (string) - The password to the certificate bundle URL truststore
- certificate_url_truststore_type (string; allowed values: [jks, PKCS12]) - The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
- enabled (boolean) - When true, enables the security realm
- group_search (LdapGroupSearch) - The LDAP group search configuration
- id (string, required) - The identifier for the security realm
- load_balance (LdapSecurityRealmLoadBalance) - The LDAP load balancing behavior
- name (string, required) - The friendly name of the security realm
- order (integer as int32) - The order that the security realm is evaluated
- override_yaml (string) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.ldap.{realm_id}' prefix. For example, when the realm ID is set to 'ldap1', the advanced configuration 'xpack.security.authc.realms.ldap.ldap1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
- role_mappings (LdapSecurityRealmRoleMappingRules) - The role mapping rules associated with the security realm
- urls (array[string], required) - The LDAP URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
- user_dn_templates (array[string]) - The distinguished name template that replaces the user name with the string {0}. Only used when bind_type is set to 'user_templates'.
- user_group_attribute (string) - Specifies the attribute to examine on the user for group membership. If any 'group_search' settings are specified, this setting is ignored. Defaults to 'memberOf'.
- user_search (LdapUserSearch) - The LDAP user search configuration. Only used when bind_type is set to 'user_search'.
Example
{
  "bind_anonymously" : true,
  "bind_dn" : "string",
  "bind_password" : "string",
  "bind_type" : "string",
  "certificate_url" : "string",
  "certificate_url_truststore_password" : "string",
  "certificate_url_truststore_type" : "string",
  "enabled" : true,
  "group_search" : {
    "base_dn" : "string",
    "filter" : "string",
    "scope" : "string",
    "user_attribute" : "string"
  },
  "id" : "string",
  "load_balance" : {
    "cache_ttl" : "string",
    "type" : "string"
  },
  "name" : "string",
  "order" : 0,
  "override_yaml" : "string",
  "role_mappings" : {
    "default_roles" : [ "string" ],
    "rules" : [
      {
        "roles" : [ "string" ],
        "type" : "string",
        "value" : "string"
      }
    ]
  },
  "urls" : [ "string" ],
  "user_dn_templates" : [ "string" ],
  "user_group_attribute" : "string",
  "user_search" : {
    "base_dn" : "string",
    "filter" : "string",
    "scope" : "string"
  }
}
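A pre-flight check for the constraints stated in the property descriptions (required fields, allowed values, URL format and scheme mixing, bind_type-specific fields, the override_yaml prefix rule), as an added example that is not part of the original documentation or the product's own code. The function name lint_ldap_settings, the sample payload and its host names are assumptions made for illustration, and the override_yaml check is a plain line scan rather than a YAML parse.

```python
import re

# Constraints are the ones stated in the property descriptions on this page.
REQUIRED = ("bind_anonymously", "bind_type", "id", "name", "urls")
BIND_TYPES = {"user_search", "user_templates"}
TRUSTSTORE_TYPES = {"jks", "PKCS12"}
URL_RE = re.compile(r"^(ldaps?)://(\[[0-9A-Fa-f:.]+\]|[^/\s:\[\]]+):\d+$")
REALM_PREFIX = "xpack.security.authc.realms."
SEARCH_ONLY = ("bind_dn", "bind_password", "user_search")


def lint_ldap_settings(s):
    """Return a list of problems in an LdapSettings dict; an empty list means clean."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in s]
    bind_type = s.get("bind_type")
    if bind_type is not None and bind_type not in BIND_TYPES:
        problems.append(f"bind_type not allowed: {bind_type!r}")
    ts_type = s.get("certificate_url_truststore_type", "jks")  # documented default
    if ts_type not in TRUSTSTORE_TYPES:
        problems.append(f"certificate_url_truststore_type not allowed: {ts_type!r}")
    schemes = set()
    for url in s.get("urls", []):
        m = URL_RE.match(url)
        if m:
            schemes.add(m.group(1))
        else:
            problems.append(f"url not in ldap[s]://server:port form: {url!r}")
    if len(schemes) > 1:
        problems.append("urls mix ldap and ldaps")
    if bind_type == "user_templates":
        problems += [f"{k} is only used with bind_type user_search"
                     for k in SEARCH_ONLY if k in s]
        if any("{0}" not in t for t in s.get("user_dn_templates", [])):
            problems.append("user_dn_templates entry lacks the {0} placeholder")
    elif bind_type == "user_search" and "user_dn_templates" in s:
        problems.append("user_dn_templates is only used with bind_type user_templates")
    for line in s.get("override_yaml", "").splitlines():
        if line.strip().startswith(REALM_PREFIX):  # keys must omit the realm prefix
            problems.append(f"override_yaml keeps the realm prefix: {line.strip()}")
    return problems


# Constructed sample payload (not from the page) with three deliberate mistakes.
SAMPLE = {
    "bind_anonymously": False, "bind_type": "user_templates", "id": "ldap1",
    "name": "Corporate LDAP", "bind_dn": "cn=svc,dc=example,dc=org",
    "urls": ["ldaps://ldap1.example.org:636", "ldap://ldap2.example.org:389"],
    "user_dn_templates": ["cn={0},ou=people,dc=example,dc=org"],
    "override_yaml": "xpack.security.authc.realms.ldap.ldap1.ssl.verification_mode: full",
}
```

Calling lint_ldap_settings(SAMPLE) reports the mixed ldap/ldaps URLs, the bind_dn that goes unused under user_templates, and the override_yaml key that still carries the realm prefix.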