Trying to set up ver 7 and some of the new settings in the yml are confusing.
xpack.security.authc.realms:
active_directory.realm2:
dhp_ad:
order: 1
enabled: true
domain_name: company.com
url:
- ldaps://company.com:636
- ldaps://company.com:636
- ldaps://company.com:636
- ldaps://company.com:636
- ldaps://company.com:636
- ldaps://company.com:636
load_balance:
type: round_robin
bind_dn: CN=company DC
secure_bind_password: password
ssl:
certificate_authorities: [ "config/certs/secure.pem" ]
Does this look correct? I was getting some different info from the upgrade assistant and the 7 doc.
ikakavas
April 19, 2019, 10:04am
2
Hi,
There are a couple of things that are wrong here:
active_directory.realm2:
dhp_ad:
You have added two name identifiers for the realm, you need to keep either realm2 or dhp_ad but not both.
secure_bind_password is a secure setting and as such needs to be added to the elasticsearch.keystore
enabled: true is not necessary, this is the default value.
You'd get the same information if you attempted to start elasticserach with the config above, as we do validate the configuration at startup.
Can you point out which part of the documentation or the settings were confusing to you? Maybe we can do a better job at documenting those.
Thank you!! that was good info. To be clear.
I need either one of these:
active_directory.realm2:
or
active_directory.dhp_ad:
or ??
active_directory:
ikakavas
April 19, 2019, 1:29pm
4
The syntax is xpack.security.authc.realms.<realm_type>.<realm_name>: . The realm type is active_directory since you want to use AD, and you can name your realm whatever you want, realm2, or dhp_ad , it doesn't matter, you need to pick 1 name though.
active_directory.dhp_ad:
is exactly the same as
active_directory:
dhp_ad:
1 Like
system
May 17, 2019, 1:37pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.