A newer version is available. For the latest information, see the
current release documentation.
ActiveDirectorySettings
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
ActiveDirectorySettings
editElasticsearch Security Active Directory realm configuration
Properties
edit-
bind_anonymously(boolean, required) - When true, bindDb credentials are ignored
-
bind_dn(string) - The distinguished name of the user that is used to bind to the Active Directory and perform searches.
-
bind_password(string) - The user password that is used to bind to the Active Directory server.
-
certificate_url(string) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' in the directory '/active_directory/:id/truststore', where :id is the value of the [id] field.
-
certificate_url_truststore_password(string) - The password to the certificate bundle URL truststore
-
certificate_url_truststore_type(string; allowed values: [jks,PKCS12]) - The format of the truststore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
-
domain_name(string, required) - Specifies the domain name of the Active Directory (the forest root domain name).
-
enabled(boolean) - When true, enables the security realm
-
group_search(ActiveDirectoryGroupSearch) - The Active Directory group search configuration
-
id(string, required) - The identifier for the security realm
-
load_balance(ActiveDirectorySecurityRealmLoadBalance) - The Active Directory load balancing behavior
-
name(string, required) - The friendly name of the security realm
-
order(integerasint32) - The order that the security realm is evaluated
-
override_yaml(string) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.active_directory.{realm_id}' prefix. For example, when the realm ID is set to 'ad1', the advanced configuration 'xpack.security.authc.realms.active_directory.ad1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
-
role_mappings(ActiveDirectorySecurityRealmRoleMappingRules) - The role mapping rules associated with the security realm
-
urls(array[string, required)] - The Active Directory URLs used to authenticate against, in the format ldap[s]://server:port. Note that ldap and ldaps protocols cannot be mixed together.
-
user_search(ActiveDirectoryUserSearch) - The Active Directory user search configuration.
Example
edit{
"bind_anonymously" : true,
"bind_dn" : "string",
"bind_password" : "string",
"certificate_url" : "string",
"certificate_url_truststore_password" : "string",
"certificate_url_truststore_type" : "string",
"domain_name" : "string",
"enabled" : true,
"group_search" : {
"base_dn" : "string",
"scope" : "string"
},
"id" : "string",
"load_balance" : {
"cache_ttl" : "string",
"type" : "string"
},
"name" : "string",
"order" : 0,
"override_yaml" : "string",
"role_mappings" : {
"default_roles" : [
"string"
],
"rules" : [
{
"roles" : [
"string"
],
"type" : "string",
"value" : "string"
}
]
},
"urls" : [
"string"
],
"user_search" : {
"base_dn" : "string",
"filter" : "string",
"scope" : "string"
}
}