Oracle Unified Directory - Network Group

Network Group

The Network Group is used to classify incoming client connections and route requests to workflows.

Relations From this Component

The following components have a direct COMPOSITION relation FROM Network Groups :

The following components have a direct AGGREGATION relation FROM Network Groups :

Properties

A description of each property follows.


Basic Properties:
allowed-auth-method
allowed-bind-dn
allowed-bind-id
allowed-client
allowed-protocol
certificate-mapper
denied-client
enabled
generic-identity-mapper
gssapi-identity-mapper
is-security-mandatory
priority
relocated-rootdse-workflow-element
workflow

Advanced Properties:
None

Basic Properties

allowed-auth-method

Description
Specifies a set of allowed authorization methods that clients must use in order to establish connections to this Network Group.
Default Value
All authorization methods are allowed.
Allowed Values
anonymous - Unauthorized clients.

sasl - Clients who bind using SASL/external certificate based authentication.

simple - Clients who bind using simple authentication (name and password).
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

allowed-bind-dn

Description
Specifies a set of bind DN patterns that determine the clients that are allowed to establish connections to this Network Group. Valid bind DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
Default Value
All bind DNs are allowed.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

allowed-bind-id

Description
Specifies a set of bind id patterns that determine the clients that are allowed to establish connections to this Network Group. A bind id pattern determines whether a particular Network Group can be applied on an entry or not. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. Also note that a bind id pattern is allowed only when there is a matching identity mapper configured for this Network Group.
Default Value
All bind IDs are allowed.
Allowed Values
Any valid regular expression pattern which is supported by the java.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6).
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

allowed-client

Description
Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Network Group. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.
Default Value
All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.
Allowed Values
An IP address mask
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

allowed-protocol

Description
Specifies a set of allowed supported protocols that clients must use in order to establish connections to this Network Group.
Default Value
All supported protocols are allowed.
Allowed Values
ldap - Clients using LDAP are allowed.

ldaps - Clients using LDAPS are allowed.
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

certificate-mapper

Description
Specifies the name of the certificate mapper that should be used to match client certificates to user entries.
Default Value
The global certificate mapper will be used.
Allowed Values
The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the Network Group is enabled.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

denied-client

Description
Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Network Group. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.
Default Value
If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.
Allowed Values
An IP address mask
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

enabled

Description
Indicates whether the Network Group is enabled for use in the server. If a Network Group is not enabled then its workflows will not be accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

generic-identity-mapper

Description
Specifies a set of identity mappers that will be used by Network Group for mapping an identity while performing SIMPLE, non-GSSAPI SASL bind requests and proxy authorization controls.
Default Value
The global generic identity mapper will be used.
Allowed Values
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Network Group is enabled.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

gssapi-identity-mapper

Description
Specifies a set of identity mappers that will be used by Network Group for mapping an identity while performing GSSAPI/SASL bind requests.
Default Value
The global GSSAPI identity mapper will be used.
Allowed Values
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Network Group is enabled.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

is-security-mandatory

Description
Specifies whether or not a secured client connection is required in order for clients to establish connections to this Network Group.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

priority

Description
Specifies the priority for this Network Group. A client connection is first compared against the Network Group with the lowest priority. If the client connection does not match its connection criteria, then the client connection is compared against the Network Group with next lowest priority, and so on. If no Network Group is selected then the client connection is rejected.
Default Value
None
Allowed Values
An integer value. The lowest allowed value is 0.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
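
The selection rules described under allowed-client, denied-client and priority can be checked offline against a planned configuration. The following is an added example, not Oracle code: a small Python model of those rules. The class and function names, the sample groups, the restriction to CIDR masks, the treatment of "secured" as LDAPS only, and the skipping of disabled groups during selection are all assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetworkGroup:
    # Field names mirror the properties on this page; an empty value means "unset".
    name: str
    priority: int
    enabled: bool = True
    allowed_client: list = field(default_factory=list)    # CIDR masks only (assumption)
    denied_client: list = field(default_factory=list)
    allowed_protocol: set = field(default_factory=set)     # "ldap", "ldaps"
    allowed_auth_method: set = field(default_factory=set)  # "anonymous", "simple", "sasl"
    is_security_mandatory: bool = False

def _in_any(ip, masks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(m, strict=False) for m in masks)

def matches(g, ip, protocol, auth_method):
    if not g.enabled:                       # assumption: disabled groups are skipped
        return False
    if _in_any(ip, g.denied_client):        # deny wins when both lists match
        return False
    if g.allowed_client and not _in_any(ip, g.allowed_client):
        return False
    if g.allowed_protocol and protocol not in g.allowed_protocol:
        return False
    if g.allowed_auth_method and auth_method not in g.allowed_auth_method:
        return False
    if g.is_security_mandatory and protocol != "ldaps":  # assumption: secured == LDAPS
        return False
    return True

def select_group(groups, ip, protocol, auth_method):
    """First matching group in ascending priority order, or None (connection rejected)."""
    for g in sorted(groups, key=lambda g: g.priority):
        if matches(g, ip, protocol, auth_method):
            return g.name
    return None

# Constructed sample configuration, not taken from a real deployment.
GROUPS = [
    NetworkGroup("admin", 1, allowed_client=["10.0.5.0/24"], denied_client=["10.0.5.99/32"],
                 allowed_protocol={"ldaps"}, allowed_auth_method={"simple", "sasl"},
                 is_security_mandatory=True),
    NetworkGroup("apps", 5, allowed_client=["10.0.0.0/8"], allowed_auth_method={"simple"}),
    NetworkGroup("legacy", 9, enabled=False),
]
```

In this model the address 10.0.5.99, denied by the admin group, is still accepted by the apps group: a denied-client entry only removes a client from that one group's criteria, and a connection is rejected only when no group matches.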

relocated-rootdse-workflow-element

Description
Specifies the name of the workflow element to use to get an alternate root DSE entry. If the Network Group is not defined (default) then the root DSE entry of the current server is returned.
Default Value
None
Allowed Values
The DN of any Workflow Element. The referenced workflow element must be enabled.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

workflow

Description
Specifies a set of workflows which should be accessible from this Network Group.
Default Value
No workflows will be accessible.
Allowed Values
The DN of any Workflow. The referenced workflows must be enabled.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

Copyright © 2011,2013, Oracle and/or its affiliates. All rights reserved.