The Proxy LDAP Workflow Element provides access to an LDAP server.
The Proxy LDAP Workflow Element component inherits from the Workflow Element
The following components have a direct AGGREGATION relation FROM Proxy LDAP Workflow Elements :
A description of each property follows.
Basic Properties: | Advanced Properties: |
---|---|
↓ client-cred-mode | ↓ exclude-list |
↓ enabled | ↓ include-list |
↓ ldap-server-extension | ↓ java-class |
↓ remote-ldap-server-bind-dn | ↓ log-silent-bind-response-controls |
↓ remote-ldap-server-bind-password | ↓ never-bind |
↓ remote-ldap-server-bind-password-file | ↓ never-bind-user-password-attribute |
↓ use-proxy-auth | ↓ password-policy-dn |
Description | Specifies the way the proxy server binds to the remote LDAP server. Possible values are "use-specific-identity", "use-client-identity" and "use-proxy-auth". Note that the value "use-proxy-auth" is deprecated and the "use-proxy-auth" flag should be used instead. |
Default Value | None |
Allowed Values | use-client-identity - This Proxy LDAP Workflow Element forwards the requests with the identity of the client. use-proxy-auth - This Proxy LDAP Workflow Element adds a proxy authorization control to the request. The autorization ID of this control is the bind DN of the incoming request. The requests are forwarded with the identity of the user specified with the parameters remote-ldap-server-bind-dn and remote-ldap-server-bind-password (or remote-ldap-server-bind-password-file if password is stored in a file). This bind mode is deprecated (it is present only for backward compatibility reason). To replace the use-proxy-auth bind mode, use the use-specific-identity bind mode and set the use-proxy-auth flag to true. use-specific-identity - This Proxy LDAP Workflow Element forwards the requests with the identity of the user specified with the parameters remote-ldap-server-bind-dn and remote-ldap-server-bind-password (or remote-ldap-server-bind-password-file if password is stored in a file). |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Indicates whether the Workflow Element is enabled for use in the server. If a Workflow Element is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Identifies the LDAP server extension configured for this Proxy LDAP Workflow Element. Specifies the remote server extension to forward requests to. |
Default Value | None |
Allowed Values | The DN of any Extension. The referenced LDAP server must be enabled. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | DN which will be used to connect to a remote server. This DN must exist on the remote server. The value "" denotes the anonymous credentials. If "" is provided then the remote-ldap-server-bind-password and remote-ldap-server-bind-password-file properties are ignored. This must be a valid DN. |
Default Value | None |
Allowed Values | A String |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
remote-ldap-server-bind-password
Description | Password which will be used to connect to the remote server. This is a string. |
Default Value | None |
Allowed Values | A String |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
remote-ldap-server-bind-password-file
Description | File which contains the password which will be used to connect to the remote server. This must be a valid path. |
Default Value | None |
Allowed Values | A String |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | This flag indicates whether the Ldap connector can use the proxy authorization control. When the Ldap connector has bound a connection using the proxy credentials, then it can pass to the remote backend the client identity using the proxy authorization control along with the requests. To use the proxy authorization control set the use-proxy-auth flag to true. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | The list contains a set of DNs. If the client bind DN is a descendant of one DNs of the exclude list, then the authentication against the remote server will be performed using the proxy credentials, regardless the content of the include list. |
Default Value | By default, the exclude list is empty, meaning that the exclude list will not prevent the authentication against the remote server to use the client credentials, as long as the client bind DN is a descendant of one DN of the include list, or the include list is empty. |
Allowed Values | A String |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
Description | The list contains a set of DNs. If the client bind DN is a descendant of one of the DNs in the list, or if the list is empty, then the client credentials can be used to perform its authentication against the remote server (given that the client bind DN is not a descendant of any DN of the exclude list). If the never-bind flag is disabled the a silent-bind is performed for the authentication. If the never-bind flag is enabled, the user's entry is retrieved from the remote server and the credentials are checked locally. |
Default Value | By default, the include list is empty, meaning that the client credentials are always used to perform the authentication against the remote server, unless the client bind DN is a descendant of one DN of the exclude list. |
Allowed Values | A String |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
Description | Specifies the fully-qualified name of the Java class that provides the Proxy LDAP Workflow Element implementation. |
Default Value | com.sun.dps.server.workflowelement.proxyldap.ProxyLdapWorkflowElement |
Allowed Values | A java class that implements or extends the class(es) : org.opends.server.workflowelement.WorkflowElement |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
log-silent-bind-response-controls
Description | Indicates whether the logging of the silent-bind response controls is enabled. This flag determines whether the controls contained in the responses of silent-bind operations are logged in the access log or not. When the flag is enabled, an extra field is added in the log entry. This field is named 'controls' and contains at least the OID of all controls present in the silent-bind responses. Each control information is enclosed between '(' and ')' and controls are separated with comma. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
Description | Indicates whether the never-bind is enabled. This flag determines whether the user's password should be checked locally. When the never-bind flag is enabled then the Bind operations and silent binds are intercepted and local validations of the user's password are performed. A search operation is executed to retrieve the user's password from the remote peer and the credentials are checked locally. By default the never-bind flag is disabled and Bind operations are forwarded to the remote Ldap server identified by the associated Ldap server extension. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
never-bind-user-password-attribute
Description | This attribute defines the description of the attribute that identifies the user's credentials on the remote server. It is relevant only when the never-bind flag is enabled. When this attribute is omitted the default value "userPassword" is used instead. A string defining the attribute description denoting the user's credentials on the remote server. |
Default Value | userPassword |
Allowed Values | A String |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
Description | Attribute specifying which password policy is to be used to govern the proxy administrative password. |
Default Value | cn=Ldap Proxy Password Policy,cn=Password Policies,cn=config |
Allowed Values | A valid DN. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |