A newer version is available. For the latest information, see the
current release documentation.
LdapSettings
editLdapSettings
editThe configuration for the Elasticsearch security LDAP realm.
Properties
edit-
bind_anonymously
(boolean
, required) - When true, bindDb credentials are ignored
-
bind_dn
(string
) - The distinguished name of the user that is used to bind to the LDAP and perform searches. Only used when bind_type is set to 'user_search'.
-
bind_password
(string
) - The user password that is used to bind to the LDAP server. Only used when bind_type is set to 'user_search'.
-
bind_type
(string
; allowed values: [user_search
,user_templates
], required) - The type of user binding to apply
-
certificate_url
(string
) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/ldap/:id/truststore', where :id is the value of the [id] field.
-
certificate_url_truststore_password
(string
) - The password to the certificate bundle URL truststore
-
certificate_url_truststore_type
(string
; allowed values: [jks
,PKCS12
]) - The format of the truststore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
-
enabled
(boolean
) - When true, enables the security realm
-
group_search
(LdapGroupSearch
) - The LDAP group search configuration
-
id
(string
, required) - The identifier for the security realm
-
load_balance
(LdapSecurityRealmLoadBalance
) - The LDAP load balancing behavior
-
name
(string
, required) - The friendly name of the security realm
-
order
(integer
asint32
) - The order that the security realm is evaluated
-
override_yaml
(string
) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.ldap.{realm_id}' prefix. For example, when the realm ID is set to 'ldap1', the advanced configuration 'xpack.security.authc.realms.ldap.ldap1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
-
role_mappings
(LdapSecurityRealmRoleMappingRules
) - The role mapping rules associated with the security realm
-
urls
(array[
string
, required)]
- The LDAP URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
-
user_dn_templates
(array[
string
)]
- The distinguished name template that replaces the user name with the string {0}. Only used when bind_type is set to 'user_templates'.
-
user_group_attribute
(string
) - Specifies the attribute to examine on the user for group membership. If any 'group_search' settings are specified, this setting is ignored. Defaults to 'memberOf'.
-
user_search
(LdapUserSearch
) - The LDAP user search configuration. Only used when bind_type is set to 'user_search'.
Example
edit{ "bind_anonymously" : true, "bind_dn" : "string", "bind_password" : "string", "bind_type" : "string", "certificate_url" : "string", "certificate_url_truststore_password" : "string", "certificate_url_truststore_type" : "string", "enabled" : true, "group_search" : { "base_dn" : "string", "filter" : "string", "scope" : "string", "user_attribute" : "string" }, "id" : "string", "load_balance" : { "cache_ttl" : "string", "type" : "string" }, "name" : "string", "order" : 0, "override_yaml" : "string", "role_mappings" : { "default_roles" : [ "string" ], "rules" : [ { "roles" : [ "string" ], "type" : "string", "value" : "string" } ] }, "urls" : [ "string" ], "user_dn_templates" : [ "string" ], "user_group_attribute" : "string", "user_search" : { "base_dn" : "string", "filter" : "string", "scope" : "string" } }