Specifies a set of allowed authorization methods that clients must use in order to establish connections to this Network Group.
Default Value
All authorization methods are allowed.
Allowed Values
anonymous - Unauthorized clients.
sasl - Clients who bind using SASL/external certificate based authentication.
simple - Clients who bind using simple authentication (name and password).
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
allowed-bind-dn
Description
Specifies a set of bind DN patterns that determine the clients that are allowed to establish connections to this Network Group. Valid bind DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
Default Value
All bind DNs are allowed.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
allowed-client
Description
Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Network Group. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.
Default Value
All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.
Allowed Values
An IP address mask
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
allowed-protocol
Description
Specifies a set of allowed supported protocols that clients must use in order to establish connections to this Network Group.
Default Value
All supported protocols are allowed.
Allowed Values
ldap - Clients using LDAP are allowed.
ldaps - Clients using LDAPS are allowed.
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
denied-client
Description
Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Network Group. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.
Default Value
If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.
Allowed Values
An IP address mask
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
enabled
Description
Indicates whether the Network Group is enabled for use in the server. If a Network Group is not enabled then its workflows will not be accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
is-security-mandatory
Description
Specifies whether or not a secured client connection is required in order for clients to establish connections to this Network Group.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No
priority
Description
Specifies the priority for this Network Group. A client connection is first compared against the Network Group with the lowest priority. If the client connection does not match its connection criteria, then the client connection is compared against the Network Group with next lowest priority, and so on. If no Network Group is selected then the client connection is rejected.
Default Value
None
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
workflow
Description
Specifies a set of workflows which should be accessible from this Network Group .
Default Value
No workflows will be accessible.
Allowed Values
The DN of any Workflow. The referenced workflows must be enabled.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No
LDAP Mapping
Each configuration property can be mapped to a specific LDAP attribute under the "cn=config" entry. The mappings that follow are provided for information only. In general, you should avoid changing the server configuration by manipulating the LDAP attributes directly.