[DOCS] [Security] Templates do not use bind_dn (elastic/x-pack-elasticsearch#1979)

Document that user_dn_template mode for LDAP authentication does not support bind_dn Original commit: elastic/x-pack-elasticsearch@eef72615a8
2025-02-23 13:26:02 +00:00 · 2017-07-13 14:23:23 +10:00 · 2017-07-13 14:23:23 +10:00 · a36121a725
commit a36121a725
parent 84ee21ed26
2 changed files with 5 additions and 1 deletions
--- a/docs/en/security/authentication/ldap-realm.asciidoc
+++ b/docs/en/security/authentication/ldap-realm.asciidoc
@ -85,7 +85,7 @@ users, you can use User DN templates to configure the realm. The advantage of
 this method is that a search does not have to be performed to find the user DN.
 However, multiple bind operations might be needed to find the correct user DN.

-To configure an `ldap` Realm with User Search:
+To configure an `ldap` Realm with User DN templates:

 . Add a realm configuration of type `ldap` to `elasticsearch.yml` in the
 `xpack.security.authc.realms` namespace. At a minimum, you must set the realm `type` to
@ -119,6 +119,9 @@ xpack:

 . Restart Elasticsearch

+IMPORTANT: The `bind_dn` setting is not used in template mode.
+All LDAP operations will execute as the authenticating user.
+

 [[ldap-load-balancing]]
 ===== Load Balancing and Failover
--- a/docs/en/settings/security-settings.asciidoc
+++ b/docs/en/settings/security-settings.asciidoc
@ -155,6 +155,7 @@ to `1h`.

 `bind_dn`::
 The DN of the user that will be used to bind to the LDAP and perform searches.
+Only applicable in {xpack-ref}/ldap-realm.html#ldap-user-search[user search mode].
 If this is not specified, an anonymous bind will be attempted.
 Defaults to Empty.