deploy-manage/users-roles/cluster-or-deployment-auth/active-directory.md
4 additions & 8 deletions
@@ -114,7 +114,6 @@ To integrate with Active Directory, you configure an `active_directory` realm an
114
114
115
115
4. Restart {{es}}.
116
116
117
-
118
117
## Step 2: Configure a bind user (Optional) [ece-ad-configuration-with-bind-user]
119
118
120
119
You can choose to configure an Active Directory realm using a bind user.
@@ -234,7 +233,7 @@ POST /_security/role_mapping/ldap-superuser <1>
234
233
### Example: Using a role mapping file [ece_using_the_role_mapping_files_2]
235
234
236
235
:::{tip}
237
-
If you're using {{ece}} or {{ech}}, then you must [upload this file as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced. If you're using {{eck}}, then install it as a [custom configuration file](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md).
236
+
If you're using {{ece}} or {{ech}}, then you must [upload this file as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced. If you're using {{eck}}, then install it as a [custom configuration file](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md). If you're using a self-managed cluster, then the file must be present on each node.
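Review bot: The sentence appended at new line 236 says the file "must be present on each node" for self-managed clusters but, unlike the {{ece}}/{{ech}} and {{eck}} clauses before it, gives neither a link nor a location. Because this is the role mapping file, state the path where each node expects it and that every node needs an identical copy, since nodes holding different copies would map the same user to different roles.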
To protect the user credentials that are sent for authentication, you should encrypt communications between {{es}} and your Active Directory server. Connecting using SSL/TLS ensures that the identity of the Active Directory server is authenticated before {{es}} transmits the user credentials and the usernames and passwords are encrypted in transit.
292
291
293
-
Clients and nodes that connect using SSL/TLS to the Active Directory server need to have the Active Directory server’s certificate or the server’s root CA certificate installed in their keystore or truststore.
292
+
Clients and nodes that connect using SSL/TLS to the Active Directory server need to have the Active Directory server’s certificate or the server’s root CA certificate installed in their keystore or trust store.
294
293
295
294
If you're using {{ech}} or {{ece}}, then you must [upload your certificate as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced.
296
295
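Review bot: At new line 292 `truststore` becomes `trust store` while `keystore` in the same sentence stays one word, so the pair now reads "keystore or trust store". Pick one styling for both terms, either leaving `truststore` as it was or splitting both, and apply the same choice to the other `keystore` mentions in this section.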
@@ -301,11 +300,6 @@ If you're using {{eck}}, then install it as a [custom configuration file](/deplo
301
300
If you're using {{ece}} or {{ech}}, then these steps are required only if TLS is enabled and the Active Directory controller is using self-signed certificates.
302
301
:::
303
302
304
-
:::{note}
305
-
306
-
307
-
The following example demonstrates how to trust a CA certificate (`cacert.pem`), which is located within the configuration directory.
308
-
309
303
::::{admonition} Certificate formats
310
304
The following example uses a PEM encoded certificate. If your CA certificate is available as a `JKS` or `PKCS#12` keystore, you can reference it in the user settings. For example:
311
305
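Review bot: Old line 304 removes the `:::{note}` opener, but no matching `:::` closer is removed anywhere in the visible hunks. Check whether a closing `:::` for that note is still in the file; if it is, it is now orphaned and should be removed in the same commit so the following `::::{admonition}` block renders correctly.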
@@ -318,6 +312,8 @@ If the keystore is also password protected (which isn’t typical for keystores
318
312
319
313
::::
320
314
315
+
The following example demonstrates how to trust a CA certificate (`cacert.pem`), which is located within the configuration directory.
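Review bot: The sentence added at new line 315 is the last line of the hunk, so the diff does not show that the `cacert.pem` example follows it directly; confirm nothing sits between the two. The admonition above it also opens with "The following example uses a PEM encoded certificate", which now refers to an example before this sentence introduces it; consider rewording that to "The example below" or moving the admonition after the example.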