You're correct. Technically. There isn't an error. We are just unable to authenticate users that are in a sub_tree domain.
We did try using active_directory realm but ran into issue. The issues being that it was trying to use the auth.username & auth.password to authenticate against the ad collection for querying. Even when we specified another user.
Thinking back to this now.. we may have mislead ourselves looking at the DEBUG level logging and considering it ERROR. I'll try again tomorrow with the active_directory realm and see if I'm correct.
In the meantime, I've created multiple ldap realms for each sub domain (we have 4). Don't know if this is a correct approach.
Another question, we have 3 nodes for our elastic cluster. Do each have to have the same configuration (aside from the minor node names/addresses)?
Thanks