Elasticsearch Security Active Directory realm configuration


bind_anonymously (boolean, required)
When true, the bind_dn credentials are ignored.
bind_dn (string)
The distinguished name of the user that is used to bind to the Active Directory and perform searches.
bind_password (string)
The user password that is used to bind to the Active Directory server.
certificate_url (string)
The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/active_directory/:id/truststore', where :id is the value of the [id] field.
certificate_url_truststore_password (string)
The password to the certificate bundle URL truststore
certificate_url_truststore_type (string; allowed values: [jks, PKCS12])
The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
domain_name (string, required)
Specifies the domain name of the Active Directory (the forest root domain name).
enabled (boolean)
When true, enables the security realm
group_search (ActiveDirectoryGroupSearch)
The Active Directory group search configuration
id (string, required)
The identifier for the security realm
load_balance (ActiveDirectorySecurityRealmLoadBalance)
The Active Directory load balancing behavior
name (string, required)
The friendly name of the security realm
order (integer as int32)
The order that the security realm is evaluated
override_yaml (string)
Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the '{realm_id}' prefix. For example, when the realm ID is set to 'ad1', the advanced configuration ' full' should be added as 'ssl.verification_mode: full'.
role_mappings (ActiveDirectorySecurityRealmRoleMappingRules)
The role mapping rules associated with the security realm
urls (array[string], required)
The Active Directory URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
user_search (ActiveDirectoryUserSearch)
The Active Directory user search configuration.


{
   "bind_anonymously" : true,
   "bind_dn" : "string",
   "bind_password" : "string",
   "certificate_url" : "string",
   "certificate_url_truststore_password" : "string",
   "certificate_url_truststore_type" : "string",
   "domain_name" : "string",
   "enabled" : true,
   "group_search" : {
      "base_dn" : "string",
      "scope" : "string"
   },
   "id" : "string",
   "load_balance" : {
      "cache_ttl" : "string",
      "type" : "string"
   },
   "name" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "urls" : [
      "string"
   ],
   "user_search" : {
      "base_dn" : "string",
      "filter" : "string",
      "scope" : "string"
   }
}
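
A pre-submission check for a realm payload, added here as an example; it is not part of the Elastic API or of this reference. It encodes the rules stated in the field list: required fields, no mixing of ldap and ldaps URLs, the allowed truststore types, bind credentials being ignored under anonymous bind, and override_yaml keys written without the realm ID prefix. The function name lint_ad_realm, the sample values, and the extra finding for ldap:// without TLS are assumptions of this example.

```python
from urllib.parse import urlparse

REQUIRED = ("bind_anonymously", "domain_name", "id", "name", "urls")
TRUSTSTORE_TYPES = {"jks", "PKCS12"}  # allowed values from the field list


def lint_ad_realm(realm):
    """Return a list of findings for one realm payload (empty list = clean)."""
    findings = [f"missing required field: {f}" for f in REQUIRED if f not in realm]

    # urls: ldap[s]://server:port, and the two schemes cannot be mixed.
    schemes = set()
    for url in realm.get("urls", []):
        parsed = urlparse(url)
        if parsed.scheme in ("ldap", "ldaps") and parsed.hostname:
            schemes.add(parsed.scheme)
        else:
            findings.append(f"not an ldap[s]://server:port URL: {url}")
    if len(schemes) > 1:
        findings.append("urls mix ldap and ldaps")
    elif schemes == {"ldap"}:
        # Added hardening check (assumption of this example, not a field-list rule).
        findings.append("urls use ldap:// without TLS")

    # bind_anonymously=true means the bind credentials are ignored.
    if realm.get("bind_anonymously") and (realm.get("bind_dn") or realm.get("bind_password")):
        findings.append("bind_anonymously is true; bind_dn/bind_password are ignored")

    ts_type = realm.get("certificate_url_truststore_type")
    if ts_type is not None and ts_type not in TRUSTSTORE_TYPES:
        findings.append(f"invalid certificate_url_truststore_type: {ts_type}")

    # override_yaml top-level keys must omit the realm ID prefix.
    realm_id = realm.get("id")
    for line in (realm.get("override_yaml") or "").splitlines():
        key = line.split(":", 1)[0].strip()
        if realm_id and key and not line.startswith((" ", "#")) and realm_id in key.split("."):
            findings.append(f"override_yaml key carries realm id prefix: {key}")
    return findings


# Constructed sample payload; every value is made up for this example.
SAMPLE = {
    "id": "ad1", "name": "Corp AD", "domain_name": "corp.example.com",
    "bind_anonymously": True, "bind_dn": "CN=svc-es,OU=Service,DC=corp,DC=example,DC=com",
    "urls": ["ldaps://dc1.corp.example.com:636", "ldap://dc2.corp.example.com:389"],
    "certificate_url_truststore_type": "pem",
    "override_yaml": "ad1.ssl.verification_mode: full\nssl.verification_mode: full",
}
```
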