diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc index cc03211b7b8ee..b81427732f3c7 100644 --- a/docs/reference/redirects.asciidoc +++ b/docs/reference/redirects.asciidoc @@ -1022,3 +1022,18 @@ See <>. See <>. +[role="exclude",id="configuring-ad-realm"] +=== Configuring an Active Directory realm + +See <>. + +[role="exclude",id="ad-settings"] +=== Active Directory realm settings + +See <>. + +[role="exclude",id="mapping-roles-ad"] +=== Mapping Active Directory users and groups to roles + +See <>. + diff --git a/x-pack/docs/en/security/authentication/active-directory-realm.asciidoc b/x-pack/docs/en/security/authentication/active-directory-realm.asciidoc index 0aadb6fb4f0ba..016395018dab8 100644 --- a/x-pack/docs/en/security/authentication/active-directory-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/active-directory-realm.asciidoc @@ -3,11 +3,7 @@ === Active Directory user authentication You can configure {stack} {security-features} to communicate with Active -Directory to authenticate users. To integrate with Active Directory, you -configure an `active_directory` realm and map Active Directory users and groups -to roles in the <>. - -See <>. +Directory to authenticate users. See <>. The {security-features} use LDAP to communicate with Active Directory, so `active_directory` realms are similar to <>. Like 
@@ -33,25 +29,10 @@ Active Directory. Once the user has been found, the Active Directory realm then retrieves the user's group memberships from the `tokenGroups` attribute on the user's entry in Active Directory. -[[ad-load-balancing]] -==== Load balancing and failover -The `load_balance.type` setting can be used at the realm level to configure how -the {security-features} should interact with multiple Active Directory servers. -Two modes of operation are supported: failover and load balancing. - -See -<>. - -[[ad-settings]] -==== Active Directory realm settings - -See -<>. - -[[mapping-roles-ad]] -==== Mapping Active Directory users and groups to roles +[[ad-realm-configuration]] +==== Configuring an Active Directory realm -See <>. +include::configuring-active-directory-realm.asciidoc[] [[ad-user-metadata]] ==== User metadata in Active Directory realms @@ -73,6 +54,15 @@ This metadata is returned in the Additional metadata can be extracted from the Active Directory server by configuring the `metadata` setting on the Active Directory realm. +[[ad-load-balancing]] +==== Load balancing and failover +The `load_balance.type` setting can be used at the realm level to configure how +the {security-features} should interact with multiple Active Directory servers. +Two modes of operation are supported: failover and load balancing. + +See +<>. + [[active-directory-ssl]] ==== Setting up SSL between Elasticsearch and Active Directory diff --git a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc index 061ba519a545e..6c76623dd4ea2 100644 --- a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc 
@@ -1,14 +1,6 @@ -[role="xpack"] -[[configuring-ad-realm]] -=== Configuring an Active Directory realm - -You can configure {es} to communicate with Active Directory to authenticate -users. To integrate with Active Directory, you configure an `active_directory` +To integrate with Active Directory, you configure an `active_directory` realm and map Active Directory users and groups to roles in the role mapping file. -For more information about Active Directory realms, see -<>. - . Add a realm configuration of type `active_directory` to `elasticsearch.yml` under the `xpack.security.authc.realms.active_directory` namespace. At a minimum, you must specify the Active Directory `domain_name`. diff --git a/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc b/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc index 05b63aab8842e..3e860e38fa417 100644 --- a/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc +++ b/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc @@ -12,7 +12,7 @@ To "run as" (impersonate) another user, you must be able to retrieve the user fr the realm you use to authenticate. Both the internal `native` and `file` realms support this out of the box. The LDAP realm must be configured to run in <>. The Active Directory realm must be -<> to support +<> to support _run as_. The PKI, Kerberos, and SAML realms do not support _run as_. To submit requests on behalf of other users, you need to have the `run_as` diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index ff0563643e861..053e8afbf29b9 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -72,7 +72,7 @@ TIP: The types of authentication realms that you can enable varies according to your subscription. For more information, see https://www.elastic.co/subscriptions. -- -** <> +** <> ** <> ** <> ** <> 
@@ -137,8 +137,6 @@ Events are logged to a dedicated `_audit.json` file in To walk through the configuration of {security-features} in {es}, {kib}, {ls}, and {metricbeat}, see <>. -include::authentication/configuring-active-directory-realm.asciidoc[] - include::reference/files.asciidoc[] include::fips-140-compliance.asciidoc[] diff --git a/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc b/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc index 48278f8336597..b8e35a983ce1b 100644 --- a/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc @@ -13,7 +13,7 @@ to have the Active Directory server's certificate or the server's root CA certificate installed in their keystore or truststore. . Create the realm configuration for the `xpack.security.authc.realms` namespace -in the `elasticsearch.yml` file. See <>. +in the `elasticsearch.yml` file. See <>. . Set the `url` attribute in the realm configuration to specify the LDAPS protocol and the secure port number. For example, `url: ldaps://ad.example.com:636`.
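
Review bot: In the `redirects.asciidoc` hunk, the three new stubs match the three ids this patch removes (`configuring-ad-realm`, `ad-settings`, `mapping-roles-ad`), but the removed `ad-settings` and `mapping-roles-ad` sections were themselves only "See" pointers to other pages. Please confirm that each redirect points at the final destination of the old pointer rather than at the new `ad-realm-configuration` section, so a reader following an old link is not sent through two hops.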
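
Review bot: In the `@@ -33,25 +29,10 @@` hunk of `active-directory-realm.asciidoc`, `include::configuring-active-directory-realm.asciidoc[]` now sits under a `====` heading, while the same file was previously included from `configuring-es.asciidoc` as `include::authentication/configuring-active-directory-realm.asciidoc[]` with its own `===` title. Check that the included file contains no section titles or anchors that assume the old level, and that the bare file name resolves relative to `authentication/` in the docs build.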
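
Review bot: In the `configuring-active-directory-realm.asciidoc` hunk, the retained opening sentence says roles are mapped "in the role mapping file" as plain text, while the sentence deleted from `active-directory-realm.asciidoc` carried a cross-reference at that spot ("to roles in the <>"). Restore a cross-reference to the role mapping documentation in the retained sentence, since mapping Active Directory groups to roles is the step that decides what an authenticated user is allowed to do. The file also loses its `[role="xpack"]` marker, anchor and title, so it is now valid only as an include; a one-line comment at the top naming the including file would make that explicit.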