The Pass Through Authentication Workflow Element provides pass-through authentication to an authentication service such as a Kerberos Distribution Server (KDC), an SMTP server, or an external LDAP server such as Active Directory.
The Pass Through Authentication Workflow Element uses a combination of workflow elements to perform lookup and authentication of the authenticating user.
The Pass Through Authentication Workflow Element component inherits from the Workflow Element.
The following components have a direct AGGREGATION relation FROM Pass Through Authentication Workflow Elements :
A description of each property follows.
| Basic Properties: | Advanced Properties: |
|---|---|
| auth-provider-workflow-element | java-class |
| enabled | password-attribute |
| user-provider-workflow-element | pta-auth-suffix |
| | pta-join-rule |
| | pta-suffix |
| | pta-user-suffix |
| | save-password-on-successful-bind |
auth-provider-workflow-element
| Description | Identifies the workflow element that provides the authentication service for the user entry retrieved by this Pass Through Authentication Workflow Element. Examples of auth providers are Kerberos or a local backend. During a bind, the Pass Through Authentication Workflow Element delegates the authentication part to an auth provider workflow element. |
|---|---|
| Default Value | None |
| Allowed Values | The DN of any Workflow Element. The referenced workflow element must be enabled. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
enabled
| Description | Indicates whether the Workflow Element is enabled for use in the server. If a Workflow Element is not enabled, then its contents are not accessible when processing operations. |
|---|---|
| Default Value | None |
| Allowed Values | true, false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
user-provider-workflow-element
| Description | Identifies the workflow element that is responsible for providing the requested user entry. An example of a user entry provider is a local backend. The Pass Through Authentication Workflow Element delegates all operations except bind to a user provider workflow element. |
|---|---|
| Default Value | None |
| Allowed Values | The DN of any Workflow Element. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
java-class
| Description | Specifies the fully-qualified name of the Java class that provides the Pass Through Authentication Workflow Element implementation. |
|---|---|
| Default Value | org.opends.server.workflowelement.pta.PassThroughAuthenticationWorkflowElement |
| Allowed Values | A Java class that implements or extends the class(es): org.opends.server.workflowelement.WorkflowElement |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
password-attribute
| Description | Specifies the name of the attribute that contains the password locally. When the password is saved locally, this parameter names the attribute used to store it in the local entry. |
|---|---|
| Default Value | userPassword |
| Allowed Values | The name of an attribute type defined in the server schema. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
pta-auth-suffix
| Description | The real base DN that is exposed by the auth provider workflow element. |
|---|---|
| Default Value | If the value is not set, the pta-suffix value is used. |
| Allowed Values | A valid DN. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
pta-join-rule
| Description | The join rule defined between the user provider and auth provider workflow elements. It uses LDAPFilter syntax and can contain multiple components combined with AND/OR/NOT, each component having the form auth.[attributeName]=user.[attributeName]. If this parameter is not set, the PTA workflow element considers that the user entry and the authentication entry have the same DN. |
|---|---|
| Default Value | If this parameter is not set, the PTA workflow element considers that the user entry and the authentication entry have the same DN. |
| Allowed Values | Join rule specifying how the auth entry is related to the user entry, for instance auth.uid=user.uid |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
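
How a pta-join-rule value relates a user entry to its authentication entry, as an added example that is not the server's own code. It assumes parenthesised LDAP prefix notation for AND/OR/NOT, entries held as dicts of value lists, and the first value of a multi-valued attribute; `join_filter` and `escape_value` are hypothetical names. Values are escaped per RFC 4515 and a missing join attribute is an error, so entry data cannot widen the match.

```python
import re

# One join-rule component: auth.<attr>=user.<attr>
COMPONENT = re.compile(r"auth\.([A-Za-z][\w-]*)=user\.([A-Za-z][\w-]*)")

def escape_value(value):
    """Escape filter metacharacters (RFC 4515) so entry data stays data."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _parse(rule, pos, entry):
    """Parse one parenthesised node at rule[pos]; return (filter, next_pos)."""
    if rule[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = rule[pos:pos + 1]
    if op and op in "&|!":
        pos += 1
        parts = []
        while rule[pos:pos + 1] == "(":
            part, pos = _parse(rule, pos, entry)
            parts.append(part)
        if not parts or (op == "!" and len(parts) != 1):
            raise ValueError("wrong number of operands for %r" % op)
        if rule[pos:pos + 1] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return "(" + op + "".join(parts) + ")", pos + 1
    end = rule.find(")", pos)
    match = COMPONENT.fullmatch(rule[pos:end]) if end >= 0 else None
    if match is None:
        raise ValueError("component must look like auth.<attr>=user.<attr>")
    auth_attr, user_attr = match.groups()
    values = entry.get(user_attr.lower())
    if not values:
        # Fail closed: never emit a filter that ignores a join attribute.
        raise LookupError("user entry has no value for %r" % user_attr)
    return "(%s=%s)" % (auth_attr, escape_value(values[0])), end + 1

def join_filter(rule, user_entry):
    """Build the auth-provider search filter for one user entry."""
    rule = rule.strip()
    if not rule.startswith("("):
        rule = "(" + rule + ")"          # bare form, e.g. auth.uid=user.uid
    entry = {k.lower(): v for k, v in user_entry.items()}
    text, pos = _parse(rule, 0, entry)
    if pos != len(rule):
        raise ValueError("unexpected text after join rule")
    return text

# Constructed sample: the second uid value carries filter metacharacters.
print(join_filter("auth.uid=user.uid", {"uid": ["jdoe"]}))
print(join_filter("(&(auth.sAMAccountName=user.uid)(!(auth.ou=user.ou)))",
                  {"uid": ["x*)(cn=*"], "ou": ["contractors"]}))
```
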
pta-suffix
| Description | The virtual DN that will be exposed by the PTA Workflow Element. |
|---|---|
| Default Value | If the value is not set, the PTA workflow element does not perform any DN renaming. This requires the auth-provider and user-provider to have the same suffix, and this suffix will be exposed by the PTA workflow element. |
| Allowed Values | A valid DN. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
pta-user-suffix
| Description | The real base DN that is exposed by the user provider workflow element. |
|---|---|
| Default Value | If the value is not set, the pta-suffix value is used. |
| Allowed Values | A valid DN. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |
save-password-on-successful-bind
| Description | Indicates whether the password should be saved in the user entry when authentication succeeds. When executing remote authentication, it is sometimes useful to be able to save the password locally. This is useful during a migration when passwords were not exported, or in cases where passwords need to be stored locally (i.e. EUS). |
|---|---|
| Default Value | false |
| Allowed Values | true, false |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | Yes |
| Read-only | No |