Verify X-PACK LDAP Parameter Names - "realms." May Be Missing From The Hierarchy #244
Description
I am concerned that several of the parameters associated with X-PACK LDAP configuration may be wrongly defined in the documentation.
The documentation references "xpack.security.authc.active_directory.files.role_mapping" as the parameter to include when specifying a non-default path for the role_mapping file; I have determined that the correct parameter name should be "xpack.security.authc.realms.active_directory.files.role_mapping". Note that if the former version of the parameter is entered in an elasticsearch configuration file ("elasticsearch.yml") the elasticsearch instance will not start; it does start if the corrected version of the parameter is included in the configuration file.
The "<subparm1>.<subparm2>....<subparmN>" structure of these parameter names reflects a strict hierarchy within LDAP, and the omission of the "realms" subparm in this hierarchy renders the parameter name invalid. A brief review of other LDAP parameters in the doc shows that several others are also missing the "realms" subparm: See https://www.elastic.co/guide/en/x-pack/5.6/mapping-roles.html#mapping-roles-file for a listing of 3 different parameters which omit "realms." and which may be wrong.
See https://github.com/elastic/x-pack-elasticsearch/blob/master/plugin/src/main/java/org/elasticsearch/xpack/security/authc/RealmSettings.java#L58 for the definition of these parameters in the source code.