IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
LdapSettings
The configuration for the Elasticsearch security LDAP realm.
Properties
- bind_anonymously (boolean, required) - When true, the bind DN credentials are ignored
- bind_dn (string) - The distinguished name of the user that is used to bind to the LDAP server and perform searches. Only used when bind_type is set to 'user_search'.
- bind_password (string) - The user password that is used to bind to the LDAP server. Only used when bind_type is set to 'user_search'.
- bind_type (string; allowed values: [user_search, user_templates], required) - The type of user binding to apply
- certificate_url (string) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/ldap/:id/truststore', where :id is the value of the [id] field.
- certificate_url_truststore_password (string) - The password to the certificate bundle URL truststore
- certificate_url_truststore_type (string; allowed values: [jks, PKCS12]) - The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
- enabled (boolean) - When true, enables the security realm
- group_search (LdapGroupSearch) - The LDAP group search configuration
- id (string, required) - The identifier for the security realm
- load_balance (LdapSecurityRealmLoadBalance) - The LDAP load balancing behavior
- name (string, required) - The friendly name of the security realm
- order (integer as int32) - The order that the security realm is evaluated
- override_yaml (string) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.ldap.{realm_id}' prefix. For example, when the realm ID is set to 'ldap1', the advanced configuration 'xpack.security.authc.realms.ldap.ldap1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
- role_mappings (LdapSecurityRealmRoleMappingRules) - The role mapping rules associated with the security realm
- urls (array[string], required) - The LDAP URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
- user_dn_templates (array[string]) - The distinguished name template that replaces the user name with the string {0}. Only used when bind_type is set to 'user_templates'.
- user_group_attribute (string) - Specifies the attribute to examine on the user for group membership. If any 'group_search' settings are specified, this setting is ignored. Defaults to 'memberOf'.
- user_search (LdapUserSearch) - The LDAP user search configuration. Only used when bind_type is set to 'user_search'.
Example
{
  "bind_anonymously" : true,
  "bind_dn" : "string",
  "bind_password" : "string",
  "bind_type" : "string",
  "certificate_url" : "string",
  "certificate_url_truststore_password" : "string",
  "certificate_url_truststore_type" : "string",
  "enabled" : true,
  "group_search" : {
    "base_dn" : "string",
    "filter" : "string",
    "scope" : "string",
    "user_attribute" : "string"
  },
  "id" : "string",
  "load_balance" : {
    "cache_ttl" : "string",
    "type" : "string"
  },
  "name" : "string",
  "order" : 0,
  "override_yaml" : "string",
  "role_mappings" : {
    "default_roles" : [
      "string"
    ],
    "rules" : [
      {
        "roles" : [
          "string"
        ],
        "type" : "string",
        "value" : "string"
      }
    ]
  },
  "urls" : [
    "string"
  ],
  "user_dn_templates" : [
    "string"
  ],
  "user_group_attribute" : "string",
  "user_search" : {
    "base_dn" : "string",
    "filter" : "string",
    "scope" : "string"
  }
}
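The constraints stated in the property list can be checked before a payload is submitted. The following is an added example, not part of the Elastic documentation or API: the function name `lint_ldap_settings`, the finding messages, and the sample hostnames, DNs and password placeholder are all assumptions constructed for illustration.

```python
REQUIRED = ("bind_anonymously", "bind_type", "id", "name", "urls")
PREFIX = "xpack.security.authc.realms.ldap."
# Settings the property list says are only used under one bind_type.
ONLY_FOR = {"bind_dn": "user_search", "bind_password": "user_search",
            "user_search": "user_search", "user_dn_templates": "user_templates"}

def lint_ldap_settings(cfg):
    """Return findings for an LdapSettings payload (hypothetical helper)."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in cfg]
    bind_type = cfg.get("bind_type")
    if bind_type not in ("user_search", "user_templates"):
        findings.append(f"bind_type is not an allowed value: {bind_type!r}")
    # urls: ldap[s]://server:port, and the two protocols cannot be mixed.
    schemes = {u.split("://", 1)[0].lower() for u in cfg.get("urls", [])}
    if not schemes <= {"ldap", "ldaps"}:
        findings.append("urls must use ldap:// or ldaps://")
    if {"ldap", "ldaps"} <= schemes:
        findings.append("urls mix ldap and ldaps")
    for key, needed in ONLY_FOR.items():
        if key in cfg and bind_type != needed:
            findings.append(f"{key} is only used when bind_type is {needed}")
    if cfg.get("bind_anonymously") and ("bind_dn" in cfg or "bind_password" in cfg):
        findings.append("bind_anonymously is true, so bind credentials are ignored")
    if cfg.get("certificate_url_truststore_type", "jks") not in ("jks", "PKCS12"):
        findings.append("certificate_url_truststore_type must be jks or PKCS12")
    if "group_search" in cfg and "user_group_attribute" in cfg:
        findings.append("user_group_attribute is ignored when group_search is set")
    # override_yaml keys must omit the realm prefix.
    for line in (cfg.get("override_yaml") or "").splitlines():
        if line.strip().startswith(PREFIX):
            findings.append(f"override_yaml key keeps the realm prefix: {line.strip()}")
    return findings

# Constructed sample payload: user_search bind over ldaps with full TLS verification.
GOOD = {
    "id": "ldap1", "name": "Corporate LDAP", "enabled": True,
    "bind_anonymously": False, "bind_type": "user_search",
    "bind_dn": "cn=svc-es,ou=services,dc=example,dc=com",
    "bind_password": "<bind-password>",
    "urls": ["ldaps://ldap1.example.com:636", "ldaps://ldap2.example.com:636"],
    "user_search": {"base_dn": "ou=people,dc=example,dc=com"},
    "override_yaml": "ssl.verification_mode: full",
}
# Same realm with three mistakes: wrong bind_type for the fields present,
# mixed URL schemes, and an override key that keeps the realm prefix.
BAD = dict(GOOD, bind_type="user_templates",
           urls=["ldap://ldap1.example.com:389", "ldaps://ldap2.example.com:636"],
           override_yaml=PREFIX + "ldap1.ssl.verification_mode: full")

if __name__ == "__main__":
    print("\n".join(lint_ldap_settings(BAD)))
```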