elastic · lcawl · Nov 18, 2019 · Nov 15, 2019 · Nov 15, 2019 · Nov 18, 2019
diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc
@@ -975,3 +975,23 @@ See <<ref-saml-ssl-settings>>.
 === Configuring a file realm
 
 See <<file-realm-configuration>>. 
+
+[role="exclude",id="ldap-user-search"]
+=== User search mode and user DN templates mode
+
+See <<ldap-realm-configuration>>.
+
+[role="exclude",id="configuring-ldap-realm"]
+=== Configuring an LDAP realm
+
+See <<ldap-realm-configuration>>.
+
+[role="exclude",id="ldap-settings"]
+=== LDAP realm settings
+
+See <<ref-ldap-settings>>.
+
+[role="exclude",id="ldap-ssl"]
+=== Setting up SSL between Elasticsearch and LDAP
+
+See <<tls-ldap>>. 
diff --git a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc
@@ -1,13 +1,5 @@
-[role="xpack"]
-[[configuring-ldap-realm]]
-=== Configuring an LDAP realm
-
-You can configure {es} to authenticate users by communicating with a Lightweight
-Directory Access Protocol (LDAP) server. To integrate with LDAP, you configure
-an `ldap` realm and map LDAP groups to user roles.
-
-For more information about LDAP realms, see 
-<<ldap-realm>>.
+To integrate with LDAP, you configure an `ldap` realm and map LDAP groups to
+user roles.
 
 . Determine which mode you want to use. The `ldap` realm supports two modes of 
 operation, a user search mode and a mode with specific templates for user DNs. 
@@ -217,3 +209,5 @@ xpack:
             metadata: cn
 --------------------------------------------------
 --
+
+. Set up SSL to encrypt communications between {es} and LDAP. See <<tls-ldap>>. 
diff --git a/x-pack/docs/en/security/authentication/ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/ldap-realm.asciidoc
@@ -3,9 +3,8 @@
 === LDAP user authentication
 
 You can configure the {stack} {security-features} to communicate with a
-Lightweight Directory Access Protocol (LDAP) server to authenticate users. To
-integrate with LDAP, you configure an `ldap` realm and map LDAP groups to user
-roles in the <<mapping-roles, role mapping file>>.
+Lightweight Directory Access Protocol (LDAP) server to authenticate users. See
+<<ldap-realm-configuration>>.
 
 LDAP stores users and groups hierarchically, similar to the way folders are
 grouped in a file system. An LDAP directory's hierarchy is built from containers
@@ -20,25 +19,6 @@ for example  `"cn=admin,dc=example,dc=com"` (white spaces are ignored).
 The `ldap` realm supports two modes of operation, a user search mode
 and a mode with specific templates for user DNs. 
 
-[[ldap-user-search]]
-==== User search mode and user DN templates mode
-
-See <<configuring-ldap-realm>>.
-
-[[ldap-load-balancing]]
-==== Load balancing and failover
-The `load_balance.type` setting can be used at the realm level to configure how
-the {security-features} should interact with multiple LDAP servers. The
-{security-features} support both failover and load balancing modes of operation.
-
-See
-<<load-balancing>>.
-
-[[ldap-settings]]
-==== LDAP realm settings
-
-See <<ref-ldap-settings>>.
-
 [[mapping-roles-ldap]]
 ==== Mapping LDAP groups to roles
 
@@ -52,12 +32,16 @@ supports the notion of groups, which often represent user roles for different
 systems in the organization.
 
 The `ldap` realm enables you to map LDAP users to roles via their LDAP
-groups, or other metadata. This role mapping can be configured via the
+groups or other metadata. This role mapping can be configured via the
 <<security-api-put-role-mapping,add role mapping API>> or by using a
 file stored on each node. When a user authenticates with LDAP, the privileges
 for that user are the union of all privileges defined by the roles to which
-the user is mapped. For more information, see 
-<<configuring-ldap-realm>>.
+the user is mapped.
+
+[[ldap-realm-configuration]]
+==== Configuring an LDAP realm
+
+include::configuring-ldap-realm.asciidoc[]
 
 [[ldap-user-metadata]]
 ==== User metadata in LDAP realms
@@ -81,8 +65,10 @@ the `metadata` setting on the LDAP realm. This metadata is available for use
 with the <<mapping-roles-api, role mapping API>> or in
 <<templating-role-query, templated role queries>>.
 
-[[ldap-ssl]]
-==== Setting up SSL between Elasticsearch and LDAP
+[[ldap-load-balancing]]
+==== Load balancing and failover
+The `load_balance.type` setting can be used at the realm level to configure how
+the {security-features} should interact with multiple LDAP servers. The
+{security-features} support both failover and load balancing modes of operation.
 
-See
-<<tls-ldap>>. 
+See <<load-balancing>>.
diff --git a/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc b/x-pack/docs/en/security/authorization/run-as-privilege.asciidoc
@@ -11,7 +11,7 @@ users, you can use the _run as_ mechanism to restrict data access according to
 To "run as" (impersonate) another user, you must be able to retrieve the user from
 the realm you use to authenticate. Both the internal `native` and `file` realms
 support this out of the box. The LDAP realm must be configured to run in
-<<ldap-user-search, _user search_ mode>>. The Active Directory realm must be
+<<ldap-realm-configuration,_user search_ mode>>. The Active Directory realm must be
 <<ad-settings,configured with a `bind_dn` and `secure_bind_password`>> to support
 _run as_. The PKI, Kerberos, and SAML realms do not support _run as_.
 

diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc
@@ -75,7 +75,7 @@ your subscription. For more information, see https://www.elastic.co/subscription
 ** <<configuring-ad-realm,Active Directory realms>>
 ** <<file-realm,File realms>>
 ** <<configuring-kerberos-realm,Kerberos realms>>
-** <<configuring-ldap-realm,LDAP realms>>
+** <<ldap-realm,LDAP realms>>
 ** <<native-realm,Native realms>>
 ** <<configuring-pki-realm,PKI realms>>
 ** <<saml-realm,SAML realms>>
@@ -144,7 +144,6 @@ include::securing-communications/configuring-tls-docker.asciidoc[]
 include::securing-communications/enabling-cipher-suites.asciidoc[]
 
 include::authentication/configuring-active-directory-realm.asciidoc[]
-include::authentication/configuring-ldap-realm.asciidoc[]
 include::authentication/configuring-pki-realm.asciidoc[]
 include::authentication/configuring-kerberos-realm.asciidoc[]
 

diff --git a/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc b/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc
@@ -10,7 +10,7 @@ contents of the connection are encrypted. Clients and nodes that connect via
 TLS to the LDAP server need to have the LDAP server's certificate or the 
 server's root CA certificate installed in their keystore or truststore. 
 
-For more information, see <<configuring-ldap-realm>>. 
+For more information, see <<ldap-realm>>. 
 
 . Configure the realm's TLS settings on each node to trust certificates signed 
 by the CA that signed your LDAP server certificates. The following example 

diff --git a/x-pack/docs/en/security/troubleshooting.asciidoc b/x-pack/docs/en/security/troubleshooting.asciidoc
@@ -92,7 +92,7 @@ this error.
 
 Groups are located by either an LDAP search or by the "memberOf" attribute on
 the user.  Also, If subtree search is turned off, it will search only one
-level deep. For all the options, see <<ldap-settings>>.
+level deep. For all the options, see <<ref-ldap-settings>>.
 There are many options here and sticking to the defaults will not work for all
 scenarios.