Online Help
Sun Java (TM) System Directory Proxy Server
Network Group Forwarding View Binds Tab
Directory Proxy Server network groups describe how to identify an LDAP client and the restrictions to enforce for clients that match that group. Clients are initially assigned to a group based on the network address from which they connect. They may change their group after a successful bind.
Network groups are tested in descending order of priority, as given by their placement in the Network Group window: groups at the bottom of the list have lower priority than those towards the top. If no group matches a client, the client's request is rejected. There must be at least one group entry in the configuration specification.
Clients are identified as belonging to this network group based on their IP address and/or domain name.
Once Directory Proxy Server has accepted a connection from the client and matched a group, it waits for the client to send the LDAP bind request. Directory Proxy Server uses the "Client DN," "Permit anonymous binds," "Permit simple binds," and "Permit SASL binds" settings to determine whether to pass the bind request to the server, or to reject the bind request and close the client's connection.
If the client's bind passes the enabled tests, Directory Proxy Server forwards it to the server. If the server accepts the bind, the connection is established. If, however, the server returns an error indication for the bind request, Directory Proxy Server forwards the error indication to the client and then, if the client was using LDAPv2, closes the connection to the client.
Group name. Enter the name of the group. This value must be unique within the set of groups, and it must be present because it forms the RDN of entries of this class.
Enable. By default, this option is selected for you. Deselect it to disable a group in a configuration. For a group to be part of the Directory Proxy Server configuration, this option must be selected.
Allow all clients. By default, "Allow all clients" is enabled, which permits access by any client.
Reject clients whose DN is not subordinate to. Choose "Reject clients whose DN is not subordinate to" if the network group is to specify a Distinguished Name. Any client that provides a distinguished name in its bind that is not subordinate to this DN will be rejected.
Browse... Displays a dialog to browse an LDAP directory in order to construct a DN.
Permit anonymous binds. By default, "Permit anonymous binds" is enabled, which permits a bind even if the client has not supplied a password. Disable "Permit anonymous binds" to forbid anonymous binds.
Permit simple binds. By default, "Permit simple binds" is enabled, which permits a client to supply a password in the clear. Disable "Permit simple binds" to forbid bind requests authenticated with a clear-text password.
Permit SASL binds. By default, "Permit SASL binds" is enabled, which permits clients to authenticate using SASL mechanisms. Disable "Permit SASL binds" to forbid SASL authentication.
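The bind-admission decision this tab configures, as an added example: a Python model written here, not Sun's own code. The group settings, the DN normalisation, and the bind method names "anonymous", "simple" and "sasl" are assumptions made to illustrate the checks described above, including why the Client DN test must compare RDNs rather than string suffixes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_UNESCAPED_COMMA = re.compile(r"(?<!\\),")  # RDN separator, not an escaped comma

def dn_components(dn: str) -> List[str]:
    """Split a DN into normalised 'type=value' RDNs, leaf first.
    Simplification (assumption): whitespace around '=' and ',' is dropped and
    each RDN is case-folded; full RFC 4514 escaping rules are not modelled."""
    parts = [p.strip() for p in _UNESCAPED_COMMA.split(dn)]
    return [re.sub(r"\s*=\s*", "=", p).lower() for p in parts if p]

def is_subordinate(dn: str, base: str) -> bool:
    """True only if dn lies strictly below base, compared RDN by RDN.
    A plain string-suffix test would wrongly accept 'cn=x,dc=badexample,dc=com'
    for the base 'dc=example,dc=com'; the RDN comparison does not."""
    d, b = dn_components(dn), dn_components(base)
    return len(d) > len(b) and d[-len(b):] == b

@dataclass
class BindsTab:
    """Constructed model of one network group's Binds tab settings."""
    group_name: str
    enable: bool = True
    allow_all_clients: bool = True
    reject_not_subordinate_to: Optional[str] = None  # the Client DN
    permit_anonymous_binds: bool = True
    permit_simple_binds: bool = True
    permit_sasl_binds: bool = True

def decide_bind(group: BindsTab, bind_dn: str, method: str) -> Tuple[bool, str]:
    """Decision for a client already matched to `group`: (forward?, reason).
    method is 'anonymous' (no password), 'simple' (clear-text password) or 'sasl'."""
    if not group.enable:
        return False, "group is not part of the configuration"
    permitted = {"anonymous": group.permit_anonymous_binds,
                 "simple": group.permit_simple_binds,
                 "sasl": group.permit_sasl_binds}
    if method not in permitted:
        return False, "unknown bind method"
    if not permitted[method]:
        return False, f"{method} binds are not permitted for group {group.group_name}"
    # The Client DN restriction only applies when the client actually supplies a DN;
    # an anonymous bind with an empty DN is governed by the anonymous flag alone.
    if (not group.allow_all_clients and group.reject_not_subordinate_to and bind_dn
            and not is_subordinate(bind_dn, group.reject_not_subordinate_to)):
        return False, "bind DN is not subordinate to the group's Client DN"
    return True, "bind request forwarded to the server"
```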
Copyright 2005 Sun Microsystems, Inc. All rights reserved.