LDAPPassThroughAuthenticationPolicyCfgDefn.properties revision b1dce270ec218b8ad86ce6d745d295da038a5c88
user-friendly-name=LDAP Pass Through Authentication Policy
user-friendly-plural-name=LDAP Pass Through Authentication Policies
synopsis=An authentication policy for users whose credentials are managed by a remote LDAP directory service.
description=Authentication attempts will be redirected to the remote LDAP directory service based on a combination of the criteria specified in this policy and the content of the user's entry in this directory server.
constraint.1.synopsis=One or more mapped attributes must be specified when using the "mapped-bind" or "mapped-search" mapping policies.
constraint.2.synopsis=One or more search base DNs must be specified when using the "mapped-search" mapping policy.
constraint.3.synopsis=The mapped search bind password must be specified when using the "mapped-search" mapping policy and a mapped-search-bind-dn is defined.
constraint.4.synopsis=The cached password storage scheme must be specified when password caching is enabled.
property.cached-password-storage-scheme.synopsis=Specifies the name of a password storage scheme which should be used for encoding cached passwords.
property.cached-password-storage-scheme.description=Changing the password storage scheme will cause all existing cached passwords to be discarded.
property.cached-password-storage-scheme.syntax.aggregation.constraint-synopsis=The referenced password storage schemes must be enabled.
property.cached-password-ttl.synopsis=Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service.
property.cached-password-ttl.description=This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service.
property.connection-timeout.synopsis=Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests.
property.connection-timeout.description=If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available.
property.java-class.synopsis=Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation.
property.mapped-attribute.synopsis=Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies.
property.mapped-attribute.description=At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy.
property.mapped-search-base-dn.synopsis=Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy.
property.mapped-search-base-dn.description=If multiple values are given, searches are performed below all specified base DNs.
property.mapped-search-bind-dn.synopsis=Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service.
property.mapped-search-bind-dn.default-behavior.alias.synopsis=Searches will be performed anonymously.
property.mapped-search-bind-password.synopsis=Specifies the bind password which should be used to perform user searches in the remote LDAP directory service.
property.mapped-search-bind-password-environment-variable.synopsis=Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service.
property.mapped-search-bind-password-file.synopsis=Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service.
property.mapped-search-bind-password-property.synopsis=Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service.
property.mapping-policy.synopsis=Specifies the mapping algorithm for obtaining the bind DN from the user's entry.
property.mapping-policy.syntax.enumeration.value.mapped-bind.synopsis=Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used.
property.mapping-policy.syntax.enumeration.value.mapped-search.synopsis=Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will consist of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union).
property.mapping-policy.syntax.enumeration.value.unmapped.synopsis=Bind to the remote LDAP directory service using the DN of the user's entry in this directory server.
property.primary-remote-ldap-server.synopsis=Specifies the primary list of remote LDAP servers which should be used for pass through authentication.
property.primary-remote-ldap-server.description=If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined.
property.primary-remote-ldap-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
property.secondary-remote-ldap-server.synopsis=Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable.
property.secondary-remote-ldap-server.description=If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available.
property.secondary-remote-ldap-server.default-behavior.alias.synopsis=No secondary LDAP servers.
property.secondary-remote-ldap-server.syntax.string.pattern.synopsis=A host name followed by a ":" and a port number.
property.source-address.synopsis=If specified, the server will bind to the address before connecting to the remote server.
property.source-address.description=The address must be one assigned to an existing network interface.
property.source-address.default-behavior.alias.synopsis=Let the server decide.
property.ssl-cipher-suite.synopsis=Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections.
property.ssl-cipher-suite.default-behavior.alias.synopsis=Uses the default set of SSL cipher suites provided by the server's JVM.
property.ssl-cipher-suite.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change.
property.ssl-protocol.synopsis=Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections.
property.ssl-protocol.default-behavior.alias.synopsis=Uses the default set of SSL protocols provided by the server's JVM.
property.ssl-protocol.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change.
property.trust-manager-provider.synopsis=Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers.
property.trust-manager-provider.default-behavior.alias.synopsis=By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted.
property.trust-manager-provider.requires-admin-action.synopsis=Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.
property.trust-manager-provider.syntax.aggregation.constraint-synopsis=The referenced trust manager provider must be enabled when SSL is enabled.
property.use-password-caching.synopsis=Indicates whether passwords should be cached locally within the user's entry.
property.use-ssl.synopsis=Indicates whether the LDAP Pass Through Authentication Policy should use SSL.
property.use-ssl.description=If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients.
property.use-tcp-keep-alive.synopsis=Indicates whether LDAP connections should use TCP keep-alive.
property.use-tcp-keep-alive.description=If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.
property.use-tcp-no-delay.synopsis=Indicates whether LDAP connections should use TCP no-delay.
property.use-tcp-no-delay.description=If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.
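
The filter shape given in the "mapped-search" mapping policy synopsis (one equality filter per mapped attribute value, OR-combined), as an added example that is not the project's own code. It assumes RFC 4515 escaping of assertion values so that a value read from the local entry cannot change the filter's structure; the function names and the sample entry are constructed for illustration.

```python
import re

# Attribute descriptions: a short name or a numeric OID (the mapped-attribute
# description on this page requires a schema-defined name or OID).
_ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def escape_assertion_value(value):
    """Escape NUL, '(', ')', '*' and '\\' as \\XX (RFC 4515, section 3)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\x00()*\\" else ch for ch in value
    )


def build_mapped_search_filter(mapped_attributes, entry):
    """Return the remote search filter for a local user entry.

    mapped_attributes: names configured in "mapped-attribute".
    entry: dict of attribute name -> list of string values (local entry).
    """
    # LDAP attribute names are case-insensitive.
    normalized = {name.lower(): values for name, values in entry.items()}
    terms = []
    for attr in mapped_attributes:
        if not _ATTR_RE.match(attr):
            raise ValueError("not an attribute name or OID: %r" % attr)
        for value in normalized.get(attr.lower(), []):
            terms.append("(%s=%s)" % (attr, escape_assertion_value(value)))
    if not terms:
        # The page states at least one mapped attribute must exist in the
        # local entry for authentication to proceed.
        raise ValueError("no mapped attribute present in the user's entry")
    if len(terms) == 1:
        return terms[0]
    return "(|" + "".join(terms) + ")"


# Constructed sample entry; the second mail value contains filter
# metacharacters to show that escaping keeps it a plain assertion value.
SAMPLE_ENTRY = {
    "uid": ["bjensen"],
    "mail": ["bjensen@example.com", "b*)(uid=*"],
}

if __name__ == "__main__":
    print(build_mapped_search_filter(["uid", "mail"], SAMPLE_ENTRY))
```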