[docs] change `active-directory` to `active_directory`

In the documentation reorgantization for Shield, the type of the active directory realm changed
and is not valid. Users are configuring Shield incorrectly and running into issues because of
this. This changes the realm type to the correct value.

Closes elastic/elasticsearch#291

Original commit: elastic/x-pack-elasticsearch@7f8b65eda7
This commit is contained in:
jaymode 2015-07-17 19:07:52 -04:00
parent 7a00cf9cdf
commit 4f1aaa8882
4 changed files with 10 additions and 10 deletions

View File

@ -7,7 +7,7 @@ For other types of realms, you configure role mappings for users and groups in a
the name and location of the mapping file by configuring the appropriate `role_mapping` setting in `elasticsearch.yml`: the name and location of the mapping file by configuring the appropriate `role_mapping` setting in `elasticsearch.yml`:
`shield.authc.ldap.files.role_mapping` :: The location of the role mapping file for LDAP realms. `shield.authc.ldap.files.role_mapping` :: The location of the role mapping file for LDAP realms.
`shield.authc.active-directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms. `shield.authc.active_directory.files.role_mapping` :: The location of the role mapping file for Active Directory realms.
`shield.authc.pki.files.role_mapping` :: The location of the role mapping file for PKI realms. `shield.authc.pki.files.role_mapping` :: The location of the role mapping file for PKI realms.
Within the role mapping file, Elasticsearch roles are keys and groups Within the role mapping file, Elasticsearch roles are keys and groups

View File

@ -200,7 +200,7 @@ shield.authc.realms:
... ...
realm3: realm3:
type: active-directory type: active_directory
order: 2 order: 2
... ...
... ...
@ -210,7 +210,7 @@ shield.authc.realms:
[options="header"] [options="header"]
|====== |======
| Name | Required | Default | Description | Name | Required | Default | Description
| `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active-directory`) | `type` | yes | - | The type of the reamlm (currently `esusers`, `ldap` or `active_directory`)
| `order` | no | Integer.MAX_VALUE | The priority of the realm within the realm chain | `order` | no | Integer.MAX_VALUE | The priority of the realm within the realm chain
| `enabled` | no | true | Enable/disable the realm | `enabled` | no | true | Enable/disable the realm
|====== |======

View File

@ -66,7 +66,7 @@ shield.authc:
... ...
ad1: ad1:
type: active-directory type: active_directory
order: 3 order: 3
url: 'url_to_ad' url: 'url_to_ad'
---------------------------------------- ----------------------------------------
@ -74,7 +74,7 @@ shield.authc:
As can be seen above, each realm has a unique name that identifies it. There are three settings that are common to all As can be seen above, each realm has a unique name that identifies it. There are three settings that are common to all
realms: realms:
* `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active-directory`). The realm * `type` (required) - Identifies the type of the ream (currently can be `esusers`, `ldap` or `active_directory`). The realm
type determines what other settings the realms should be configured with. type determines what other settings the realms should be configured with.
* `order` (optional) - Defines the priority/index of the realm within the realm chain. This will determine when the realm * `order` (optional) - Defines the priority/index of the realm within the realm chain. This will determine when the realm
will be consulted during authentication. will be consulted during authentication.
@ -91,7 +91,7 @@ The realm types can roughly be categorized to two categories:
* `external` - External realm types are realms that require interaction with parties/components external to Elasticsearch, * `external` - External realm types are realms that require interaction with parties/components external to Elasticsearch,
typically, with enterprise level identity management systems. Unlike the `internal` realms, there can be typically, with enterprise level identity management systems. Unlike the `internal` realms, there can be
as many `external` realms as one would like - each with a unique name and different settings. (Currently as many `external` realms as one would like - each with a unique name and different settings. (Currently
the only `external` realm types that exist are `ldap` and `active-directory`). the only `external` realm types that exist are `ldap`, `active_directory`, and `pki`).
include::setting-up-authentication/enabling-anonymous-access.asciidoc[] include::setting-up-authentication/enabling-anonymous-access.asciidoc[]

View File

@ -31,7 +31,7 @@ server. These certificates should be put into each node's keystore/truststore.
==== Active Directory Realm Configuration ==== Active Directory Realm Configuration
Like all realms, the `active-directory` realm is configured under the `shield.authc.realms` settings namespace in the Like all realms, the `active_directory` realm is configured under the `shield.authc.realms` settings namespace in the
`elasticsearch.yml` file. The following snippet shows an example of such configuration: `elasticsearch.yml` file. The following snippet shows an example of such configuration:
.Example Active Directory Configuration .Example Active Directory Configuration
@ -40,8 +40,8 @@ Like all realms, the `active-directory` realm is configured under the `shield.au
shield: shield:
authc: authc:
realms: realms:
active-directory: active_directory:
type: active-directory type: active_directory
order: 0 order: 0
domain_name: example.com domain_name: example.com
unmapped_groups_as_roles: true unmapped_groups_as_roles: true
@ -53,7 +53,7 @@ shield:
.Active Directory Realm Settings .Active Directory Realm Settings
|======================= |=======================
| Setting | Required | Description | Setting | Required | Description
| `type` | yes | Indicates the realm type and must be set to `active-directory` | `type` | yes | Indicates the realm type and must be set to `active_directory`
| `order` | no | Indicates the priority of this realm within the realm chain. Realms with lower order will be consulted first. Although not required, it is highly recommended to explicitly set this value when multiple realms are configured. Defaults to `Integer.MAX_VALUE`. | `order` | no | Indicates the priority of this realm within the realm chain. Realms with lower order will be consulted first. Although not required, it is highly recommended to explicitly set this value when multiple realms are configured. Defaults to `Integer.MAX_VALUE`.
| `enabled` | no | Indicates whether this realm is enabled/disabled. Provides an easy way to disable realms in the chain without removing their configuration. Defaults to `true`. | `enabled` | no | Indicates whether this realm is enabled/disabled. Provides an easy way to disable realms in the chain without removing their configuration. Defaults to `true`.
| `domain_name` | yes | Specifies the domain name of the Active Directory. The cluster can derive the LDAP URL and `user_search_dn` fields from values in this element if those fields are not otherwise specified. | `domain_name` | yes | Specifies the domain name of the Active Directory. The cluster can derive the LDAP URL and `user_search_dn` fields from values in this element if those fields are not otherwise specified.