diff --git a/shield/docs/public/mapping-roles.asciidoc b/shield/docs/public/mapping-roles.asciidoc index bafdd7dbdb6..c2cd8990f23 100644 --- a/shield/docs/public/mapping-roles.asciidoc +++ b/shield/docs/public/mapping-roles.asciidoc @@ -7,7 +7,7 @@ For other types of realms, you configure role mappings for users and groups in a the name and location of the mapping file by configuring the appropriate `role_mapping` setting in `elasticsearch.yml`: `shield.authc.ldap.files.role_mapping` :: The location of the role mapping file for LDAP realms. - `shield.authc.active-directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms. + `shield.authc.active_directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms. `shield.authc.pki.files.role_mapping` :: The location of the role mapping file for PKI realms. Within the role mapping file, Elasticsearch roles are keys and groups diff --git a/shield/docs/public/reference.asciidoc b/shield/docs/public/reference.asciidoc index b640fb56387..98e89df6824 100644 --- a/shield/docs/public/reference.asciidoc +++ b/shield/docs/public/reference.asciidoc @@ -200,7 +200,7 @@ shield.authc.realms: ... realm3: - type: active-directory + type: active_directory order: 2 ... ... @@ -210,7 +210,7 @@ shield.authc.realms: [options="header"] |====== | Name | Required | Default | Description -| `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active-directory`) +| `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active_directory`) | `order` | no | Integer.MAX_VALUE | The priority of the realm within the realm chain | `enabled` | no | true | Enable/disable the realm |====== diff --git a/shield/docs/public/setting-up-authentication.asciidoc b/shield/docs/public/setting-up-authentication.asciidoc index f6e2c6c5c8c..1466eac69fd 100644 --- a/shield/docs/public/setting-up-authentication.asciidoc +++ b/shield/docs/public/setting-up-authentication.asciidoc @@ -66,7 +66,7 @@ shield.authc: ... ad1: - type: active-directory + type: active_directory order: 3 url: 'url_to_ad' ---------------------------------------- @@ -74,7 +74,7 @@ shield.authc: As can be seen above, each realm has a unique name that identifies it. There are three settings that are common to all realms: -* `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active-directory`). The realm +* `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active_directory`). The realm type determines what other settings the realms should be configured with. * `order` (optional) - Defines the priority/index of the realm within the realm chain. This will determine when the realm will be consulted during authentication. @@ -91,7 +91,7 @@ The realm types can roughly be categorized to two categories: * `external` - External realm types are realms that require interaction with parties/components external to Elasticsearch, typically, with enterprise level identity management systems. Unlike the `internal` realms, there can be as many `external` realms as one would like - each with a unique name and different settings. (Currently - the only `external` realm types that exist are `ldap` and `active-directory`). + the only `external` realm types that exist are `ldap`, `active_directory`, and `pki`). include::setting-up-authentication/enabling-anonymous-access.asciidoc[] diff --git a/shield/docs/public/setting-up-authentication/configuring-active-directory-realm.asciidoc b/shield/docs/public/setting-up-authentication/configuring-active-directory-realm.asciidoc index 1d997a181ce..e314ae0ff8a 100644 --- a/shield/docs/public/setting-up-authentication/configuring-active-directory-realm.asciidoc +++ b/shield/docs/public/setting-up-authentication/configuring-active-directory-realm.asciidoc @@ -31,7 +31,7 @@ server. These certificates should be put into each node's keystore/truststore. ==== Active Directory Realm Configuration -Like all realms, the `active-directory` realm is configured under the `shield.authc.realms` settings namespace in the +Like all realms, the `active_directory` realm is configured under the `shield.authc.realms` settings namespace in the `elasticsearch.yml` file. The following snippet shows an example of such configuration: .Example Active Directory Configuration @@ -40,8 +40,8 @@ Like all realms, the `active-directory` realm is configured under the `shield.au shield: authc: realms: - active-directory: - type: active-directory + active_directory: + type: active_directory order: 0 domain_name: example.com unmapped_groups_as_roles: true @@ -53,7 +53,7 @@ shield: .Active Directory Realm Settings |======================= | Setting | Required | Description -| `type` | yes | Indicates the realm type and must be set to `active-directory` +| `type` | yes | Indicates the realm type and must be set to `active_directory` | `order` | no | Indicates the priority of this realm within the realm chain. Realms with lower order will be consulted first. Although not required, it is highly recommended to explicitly set this value when multiple realms are configured. Defaults to `Integer.MAX_VALUE`. | `enabled` | no | Indicates whether this realm is enabled/disabled. Provides an easy way to disable realms in the chain without removing their configuration. Defaults to `true`. | `domain_name` | yes | Specifies the domain name of the Active Directory. The cluster can derive the LDAP URL and `user_search_dn` fields from values in this element if those fields are not otherwise specified.