A newer version is available. For the latest information, see the
current release documentation.
ActiveDirectorySettings
editActiveDirectorySettings
editElasticsearch Security Active Directory realm configuration
Properties
edit-
bind_anonymously
(boolean
, required) - When true, bindDb credentials are ignored
-
bind_dn
(string
) - The distinguished name of the user that is used to bind to the Active Directory and perform searches.
-
bind_password
(string
) - The user password that is used to bind to the Active Directory server.
-
certificate_url
(string
) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/active_directory/:id/truststore', where :id is the value of the [id] field.
-
certificate_url_truststore_password
(string
) - The password to the certificate bundle URL truststore
-
certificate_url_truststore_type
(string
; allowed values: [jks
,PKCS12
]) - The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
-
domain_name
(string
, required) - Specifies the domain name of the Active Directory (the forest root domain name).
-
enabled
(boolean
) - When true, enables the security realm
-
group_search
(ActiveDirectoryGroupSearch
) - The Active Directory group search configuration
-
id
(string
, required) - The identifier for the security realm
-
load_balance
(ActiveDirectorySecurityRealmLoadBalance
) - The Active Directory load balancing behavior
-
name
(string
, required) - The friendly name of the security realm
-
order
(integer
asint32
) - The order that the security realm is evaluated
-
override_yaml
(string
) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.active_directory.{realm_id}' prefix. For example, when the realm ID is set to 'ad1', the advanced configuration 'xpack.security.authc.realms.active_directory.ad1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
-
role_mappings
(ActiveDirectorySecurityRealmRoleMappingRules
) - The role mapping rules associated with the security realm
-
urls
(array[
string
, required)]
- The Active Directory URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
-
user_search
(ActiveDirectoryUserSearch
) - The Active Directory user search configuration.
Example
edit{ "bind_anonymously" : true, "bind_dn" : "string", "bind_password" : "string", "certificate_url" : "string", "certificate_url_truststore_password" : "string", "certificate_url_truststore_type" : "string", "domain_name" : "string", "enabled" : true, "group_search" : { "base_dn" : "string", "scope" : "string" }, "id" : "string", "load_balance" : { "cache_ttl" : "string", "type" : "string" }, "name" : "string", "order" : 0, "override_yaml" : "string", "role_mappings" : { "default_roles" : [ "string" ], "rules" : [ { "roles" : [ "string" ], "type" : "string", "value" : "string" } ] }, "urls" : [ "string" ], "user_search" : { "base_dn" : "string", "filter" : "string", "scope" : "string" } }