honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Replace deprecated ldap setting (#36022)

This commit is contained in:
Lisa Cawley 2018-11-30 16:58:19 -08:00 committed by GitHub
parent 0e1ddfd825
commit 46962308aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc
View File

@ -2,12 +2,12 @@
[[configuring-ldap-realm]] [[configuring-ldap-realm]]
=== Configuring an LDAP realm === Configuring an LDAP realm
You can configure {security} to communicate with a Lightweight Directory Access You can configure {es} to authenticate users by communicating with a Lightweight
Protocol (LDAP) server to authenticate users. To integrate with LDAP, you Directory Access Protocol (LDAP) server. To integrate with LDAP, you configure
configure an `ldap` realm and map LDAP groups to user roles. an `ldap` realm and map LDAP groups to user roles.
For more information about LDAP realms, see For more information about LDAP realms, see
{xpack-ref}/ldap-realm.html[LDAP User Authentication]. {stack-ov}/ldap-realm.html[LDAP User Authentication].
. Determine which mode you want to use. The `ldap` realm supports two modes of . Determine which mode you want to use. The `ldap` realm supports two modes of
operation, a user search mode and a mode with specific templates for user DNs. operation, a user search mode and a mode with specific templates for user DNs.
@ -52,7 +52,7 @@ xpack:
bind_dn: "cn=ldapuser, ou=users, o=services, dc=example, dc=com" bind_dn: "cn=ldapuser, ou=users, o=services, dc=example, dc=com"
user_search: user_search:
base_dn: "dc=example,dc=com" base_dn: "dc=example,dc=com"
attribute: cn filter: "(cn={0})"
group_search: group_search:
base_dn: "dc=example,dc=com" base_dn: "dc=example,dc=com"
files: files:
@ -115,12 +115,13 @@ All LDAP operations run as the authenticating user.
-- --
. (Optional) Configure how {security} should interact with multiple LDAP servers. . (Optional) Configure how the {security-features} interact with multiple LDAP
servers.
+ +
-- --
The `load_balance.type` setting can be used at the realm level. {security} The `load_balance.type` setting can be used at the realm level. The {es}
supports both failover and load balancing modes of operation. See {security-features} support both failover and load balancing modes of operation.
<<ref-ldap-settings>>. See <<ref-ldap-settings>>.
-- --
. (Optional) To protect passwords, . (Optional) To protect passwords,
@ -186,9 +187,9 @@ user:
<3> The LDAP distinguished name (DN) of the `users` group. <3> The LDAP distinguished name (DN) of the `users` group.
For more information, see For more information, see
{xpack-ref}/ldap-realm.html#mapping-roles-ldap[Mapping LDAP Groups to Roles] {stack-ov}/ldap-realm.html#mapping-roles-ldap[Mapping LDAP Groups to Roles]
and and
{xpack-ref}/mapping-roles.html[Mapping Users and Groups to Roles]. {stack-ov}/mapping-roles.html[Mapping Users and Groups to Roles].
NOTE: The LDAP realm supports NOTE: The LDAP realm supports
{stack-ov}/realm-chains.html#authorization_realms[authorization realms] as an {stack-ov}/realm-chains.html#authorization_realms[authorization realms] as an
@ -202,7 +203,7 @@ fields in the user's metadata.
-- --
By default, `ldap_dn` and `ldap_groups` are populated in the user's metadata. By default, `ldap_dn` and `ldap_groups` are populated in the user's metadata.
For more information, see For more information, see
{xpack-ref}/ldap-realm.html#ldap-user-metadata[User Metadata in LDAP Realms]. {stack-ov}/ldap-realm.html#ldap-user-metadata[User Metadata in LDAP Realms].
The example below includes the user's common name (`cn`) as an additional The example below includes the user's common name (`cn`) as an additional
field in their metadata. field in their metadata.