[docs] change `active-directory` to `active_directory`
In the documentation reorgantization for Shield, the type of the active directory realm changed and is not valid. Users are configuring Shield incorrectly and running into issues because of this. This changes the realm type to the correct value. Closes elastic/elasticsearch#291 Original commit: elastic/x-pack-elasticsearch@7f8b65eda7
This commit is contained in:
parent
7a00cf9cdf
commit
4f1aaa8882
|
@ -7,7 +7,7 @@ For other types of realms, you configure role mappings for users and groups in a
|
||||||
the name and location of the mapping file by configuring the appropriate `role_mapping` setting in `elasticsearch.yml`:
|
the name and location of the mapping file by configuring the appropriate `role_mapping` setting in `elasticsearch.yml`:
|
||||||
|
|
||||||
`shield.authc.ldap.files.role_mapping` :: The location of the role mapping file for LDAP realms.
|
`shield.authc.ldap.files.role_mapping` :: The location of the role mapping file for LDAP realms.
|
||||||
`shield.authc.active-directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms.
|
`shield.authc.active_directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms.
|
||||||
`shield.authc.pki.files.role_mapping` :: The location of the role mapping file for PKI realms.
|
`shield.authc.pki.files.role_mapping` :: The location of the role mapping file for PKI realms.
|
||||||
|
|
||||||
Within the role mapping file, Elasticsearch roles are keys and groups
|
Within the role mapping file, Elasticsearch roles are keys and groups
|
||||||
|
|
|
@ -200,7 +200,7 @@ shield.authc.realms:
|
||||||
...
|
...
|
||||||
|
|
||||||
realm3:
|
realm3:
|
||||||
type: active-directory
|
type: active_directory
|
||||||
order: 2
|
order: 2
|
||||||
...
|
...
|
||||||
...
|
...
|
||||||
|
@ -210,7 +210,7 @@ shield.authc.realms:
|
||||||
[options="header"]
|
[options="header"]
|
||||||
|======
|
|======
|
||||||
| Name | Required | Default | Description
|
| Name | Required | Default | Description
|
||||||
| `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active-directory`)
|
| `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active_directory`)
|
||||||
| `order` | no | Integer.MAX_VALUE | The priority of the realm within the realm chain
|
| `order` | no | Integer.MAX_VALUE | The priority of the realm within the realm chain
|
||||||
| `enabled` | no | true | Enable/disable the realm
|
| `enabled` | no | true | Enable/disable the realm
|
||||||
|======
|
|======
|
||||||
|
|
|
@ -66,7 +66,7 @@ shield.authc:
|
||||||
...
|
...
|
||||||
|
|
||||||
ad1:
|
ad1:
|
||||||
type: active-directory
|
type: active_directory
|
||||||
order: 3
|
order: 3
|
||||||
url: 'url_to_ad'
|
url: 'url_to_ad'
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
@ -74,7 +74,7 @@ shield.authc:
|
||||||
As can be seen above, each realm has a unique name that identifies it. There are three settings that are common to all
|
As can be seen above, each realm has a unique name that identifies it. There are three settings that are common to all
|
||||||
realms:
|
realms:
|
||||||
|
|
||||||
* `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active-directory`). The realm
|
* `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active_directory`). The realm
|
||||||
type determines what other settings the realms should be configured with.
|
type determines what other settings the realms should be configured with.
|
||||||
* `order` (optional) - Defines the priority/index of the realm within the realm chain. This will determine when the realm
|
* `order` (optional) - Defines the priority/index of the realm within the realm chain. This will determine when the realm
|
||||||
will be consulted during authentication.
|
will be consulted during authentication.
|
||||||
|
@ -91,7 +91,7 @@ The realm types can roughly be categorized to two categories:
|
||||||
* `external` - External realm types are realms that require interaction with parties/components external to Elasticsearch,
|
* `external` - External realm types are realms that require interaction with parties/components external to Elasticsearch,
|
||||||
typically, with enterprise level identity management systems. Unlike the `internal` realms, there can be
|
typically, with enterprise level identity management systems. Unlike the `internal` realms, there can be
|
||||||
as many `external` realms as one would like - each with a unique name and different settings. (Currently
|
as many `external` realms as one would like - each with a unique name and different settings. (Currently
|
||||||
the only `external` realm types that exist are `ldap` and `active-directory`).
|
the only `external` realm types that exist are `ldap`, `active_directory`, and `pki`).
|
||||||
|
|
||||||
|
|
||||||
include::setting-up-authentication/enabling-anonymous-access.asciidoc[]
|
include::setting-up-authentication/enabling-anonymous-access.asciidoc[]
|
||||||
|
|
|
@ -31,7 +31,7 @@ server. These certificates should be put into each node's keystore/truststore.
|
||||||
|
|
||||||
==== Active Directory Realm Configuration
|
==== Active Directory Realm Configuration
|
||||||
|
|
||||||
Like all realms, the `active-directory` realm is configured under the `shield.authc.realms` settings namespace in the
|
Like all realms, the `active_directory` realm is configured under the `shield.authc.realms` settings namespace in the
|
||||||
`elasticsearch.yml` file. The following snippet shows an example of such configuration:
|
`elasticsearch.yml` file. The following snippet shows an example of such configuration:
|
||||||
|
|
||||||
.Example Active Directory Configuration
|
.Example Active Directory Configuration
|
||||||
|
@ -40,8 +40,8 @@ Like all realms, the `active-directory` realm is configured under the `shield.au
|
||||||
shield:
|
shield:
|
||||||
authc:
|
authc:
|
||||||
realms:
|
realms:
|
||||||
active-directory:
|
active_directory:
|
||||||
type: active-directory
|
type: active_directory
|
||||||
order: 0
|
order: 0
|
||||||
domain_name: example.com
|
domain_name: example.com
|
||||||
unmapped_groups_as_roles: true
|
unmapped_groups_as_roles: true
|
||||||
|
@ -53,7 +53,7 @@ shield:
|
||||||
.Active Directory Realm Settings
|
.Active Directory Realm Settings
|
||||||
|=======================
|
|=======================
|
||||||
| Setting | Required | Description
|
| Setting | Required | Description
|
||||||
| `type` | yes | Indicates the realm type and must be set to `active-directory`
|
| `type` | yes | Indicates the realm type and must be set to `active_directory`
|
||||||
| `order` | no | Indicates the priority of this realm within the realm chain. Realms with lower order will be consulted first. Although not required, it is highly recommended to explicitly set this value when multiple realms are configured. Defaults to `Integer.MAX_VALUE`.
|
| `order` | no | Indicates the priority of this realm within the realm chain. Realms with lower order will be consulted first. Although not required, it is highly recommended to explicitly set this value when multiple realms are configured. Defaults to `Integer.MAX_VALUE`.
|
||||||
| `enabled` | no | Indicates whether this realm is enabled/disabled. Provides an easy way to disable realms in the chain without removing their configuration. Defaults to `true`.
|
| `enabled` | no | Indicates whether this realm is enabled/disabled. Provides an easy way to disable realms in the chain without removing their configuration. Defaults to `true`.
|
||||||
| `domain_name` | yes | Specifies the domain name of the Active Directory. The cluster can derive the LDAP URL and `user_search_dn` fields from values in this element if those fields are not otherwise specified.
|
| `domain_name` | yes | Specifies the domain name of the Active Directory. The cluster can derive the LDAP URL and `user_search_dn` fields from values in this element if those fields are not otherwise specified.
|
||||||
|
|
Loading…
Reference in New Issue