Create Active Directory configuration
Creates a new Active Directory configuration.
Body Required
The Active Directory configuration
-
id string
The identifier for the security realm
-
name string
The friendly name of the security realm
-
urls array[string]
The Active Directory URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
-
domain_name string
Specifies the domain name of the Active Directory (the forest root domain name).
-
bind_anonymously boolean
When true, bindDn credentials are ignored
-
group_search object
The Active Directory group search configuration
Additional properties are allowed.
-
user_search object
The Active Directory user search configuration.
Additional properties are allowed.
-
bind_dn string
The distinguished name of the user that is used to bind to the Active Directory and perform searches.
-
bind_password string
The user password that is used to bind to the Active Directory server.
-
load_balance object
The Active Directory load balancing behavior
Additional properties are allowed.
-
certificate_url string
The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/active_directory/:id/truststore', where :id is the value of the [id] field.
-
certificate_url_truststore_password string
The password to the certificate bundle URL truststore
-
certificate_url_truststore_type string
The format of the truststore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
Values are jks or PKCS12.
-
role_mappings object
The role mapping rules associated with the security realm
Additional properties are allowed.
-
enabled boolean
When true, enables the security realm
-
order integer(int32)
The order that the security realm is evaluated
-
override_yaml string
Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.active_directory.{realm_id}' prefix. For example, when the realm ID is set to 'ad1', the advanced configuration 'xpack.security.authc.realms.active_directory.ad1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
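A pre-flight check for the request body, written as an added example (it is not part of the API or of the product's own code). It applies the constraints stated in the field descriptions above and additionally flags unencrypted ldap:// URLs and an ssl.verification_mode weaker than full; the function name, the sample hosts and the strict reading of the port as mandatory are assumptions.

```python
import re
from urllib.parse import urlsplit

REALM_PREFIX = "xpack.security.authc.realms.active_directory."
WEAK_TLS = re.compile(r"ssl\.verification_mode\s*:\s*(none|certificate)\b")

def check_ad_realm(cfg):
    """Return a list of problems found in a create-realm request body (dict)."""
    problems, schemes = [], set()
    for url in cfg.get("urls", []):
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if parts.scheme in ("ldap", "ldaps") and parts.hostname and port:
            schemes.add(parts.scheme)
        else:
            problems.append(f"urls: {url!r} is not ldap[s]://server:port")
    if len(schemes) > 1:
        problems.append("urls: ldap and ldaps cannot be mixed")
    if "ldap" in schemes:
        problems.append("urls: ldap:// is not TLS-protected; use ldaps://")
    if cfg.get("bind_anonymously") and (cfg.get("bind_dn") or cfg.get("bind_password")):
        problems.append("bind_anonymously: true, so the bind credentials are ignored")
    if cfg.get("certificate_url_truststore_type", "jks") not in ("jks", "PKCS12"):
        problems.append("certificate_url_truststore_type: must be jks or PKCS12")
    order = cfg.get("order")
    if order is not None and order <= 0:
        problems.append("order: must be greater than zero")
    for line in (cfg.get("override_yaml") or "").splitlines():
        key = line.strip()
        if key.startswith(REALM_PREFIX):
            problems.append(f"override_yaml: omit the realm prefix in {key!r}")
        if WEAK_TLS.search(key):
            problems.append("override_yaml: ssl.verification_mode weaker than full")
    return problems

# Constructed sample body (hypothetical hosts and DN), not taken from the page.
SAMPLE = {
    "id": "ad1", "order": 0, "bind_anonymously": True,
    "urls": ["ldap://dc1.example.test:389", "ldaps://dc2.example.test:636"],
    "bind_dn": "cn=svc-elastic,dc=example,dc=test",
    "certificate_url_truststore_type": "pem",
    "override_yaml": REALM_PREFIX + "ad1.ssl.verification_mode: none",
}

if __name__ == "__main__":
    for problem in check_ad_realm(SAMPLE):
        print("-", problem)
```

Run it against the body before sending the POST; an empty list means none of these checks fired, not that the server will accept the request.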
Responses
-
The Active Directory configuration was successfully created
Additional properties are allowed.
-
- The realm id is already in use. (code: security_realm.id_conflict)
- The selected id is not valid. (code: security_realm.invalid_id)
- Order must be greater than zero. (code: security_realm.invalid_order)
- Invalid Elasticsearch Security realm type. (code: security_realm.invalid_type)
- The realm order is already in use. (code: security_realm.order_conflict)
- Advanced YAML format is invalid. (code: security_realm.invalid_yaml)
- The url format is invalid. (code: security_realm.invalid_url)
- Invalid Active Directory URL. (code: security_realm.active_directory.invalid_url)
- Invalid certificate bundle URL. (code: security_realm.invalid_bundle_url)
curl \
  -X POST https://{{hostname}}/api/v1/platform/configuration/security/realms/active-directory \
  -H 'Content-Type: application/json' \
  -d '{"id":"string","name":"string","urls":["string"],"domain_name":"string","bind_anonymously":true,"group_search":{"base_dn":"string","scope":"sub_tree"},"user_search":{"base_dn":"string","scope":"sub_tree","filter":"string"},"bind_dn":"string","bind_password":"string","load_balance":{"type":"failover","cache_ttl":"string"},"certificate_url":"string","certificate_url_truststore_password":"string","certificate_url_truststore_type":"jks","role_mappings":{"default_roles":["string"],"rules":[{"type":"user_dn","roles":["string"],"value":"string"}]},"enabled":true,"order":42,"override_yaml":"string"}'
{
  "id": "string",
  "name": "string",
  "urls": [
    "string"
  ],
  "domain_name": "string",
  "bind_anonymously": true,
  "group_search": {
    "base_dn": "string",
    "scope": "sub_tree"
  },
  "user_search": {
    "base_dn": "string",
    "scope": "sub_tree",
    "filter": "string"
  },
  "bind_dn": "string",
  "bind_password": "string",
  "load_balance": {
    "type": "failover",
    "cache_ttl": "string"
  },
  "certificate_url": "string",
  "certificate_url_truststore_password": "string",
  "certificate_url_truststore_type": "jks",
  "role_mappings": {
    "default_roles": [
      "string"
    ],
    "rules": [
      {
        "type": "user_dn",
        "roles": [
          "string"
        ],
        "value": "string"
      }
    ]
  },
  "enabled": true,
  "order": 42,
  "override_yaml": "string"
}
# Headers
x-cloud-resource-version: string
x-cloud-resource-created: string
x-cloud-resource-last-modified: string
# Payload
{}
# Headers
x-cloud-error-codes: security_realm.id_conflict
# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}