Security Provider Setting Fields

These fields apply to the security_provider_setting_added, security_provider_setting_changed, and security_provider_setting_removed events.

Field Value Explanation

cluster:members

serialized labeled list

The identifier and name of the servers belonging to this cluster.

cluster:mode

failover
random

The mode in which this cluster is set to operate.

default_group_policy:id

string

The unique identifier of the default group policy to apply to users who authenticate against this security provider.

default_group_policy:name

string

The name of the default group policy to apply to users who authenticate against this security provider.

kerberos:spns:list

string

The list of SPNs by which this provider is identified if the Kerberos SPN handling mode is set to list.

kerberos:spns:mode

all
list

The way SPNs are matched to this provider. All handles any SPN recognized by the keytab, while list handles only the specified list of SPNs.

kerberos:strip_realm

1 or 0

1: The REALM portion will be stripped from the User Principal Name when constructing the username and (optionally) the display name.
0: The REALM portion will not be stripped from the User Principal Name.

kerberos:users:list

string

The first row shown on this page of the report.

kerberos:users:mode

all
list
regex

The way users are matched to this provider. All handles any valid authentication attempt, list handles only the specified list of users, and regex handles only users who match the specified regular expression.

kerberos:users:regex

string

The Perl-compatible regular expression that user principals must match to be considered part of this provider if the Kerberos user handling mode is set to regex.

ldap:agent

1 or 0

1: A connection agent is being used to enable communication.
0: The LDAP server and the Bomgar Appliance communicate directly.

ldap:agent:password

****

The readable date and time of the first date to be included in the report.

ldap:binding:anonymous

1 or 0

1: Anonymous binding is being used.
0: A bind username and password are required.

ldap:binding:password

****

The password used for binding.

ldap:binding:username

string

The username used for binding.

ldap:cert

<data>
or blank

Indicates that a certificate has been uploaded or changed. Only the value <data> will be displayed.

ldap:copy_provider:id

string

The unique identifier of the LDAP user provider from which this LDAP group provider is copying its configuration.

ldap:copy_provider:name

string

The name of the LDAP user provider from which this LDAP group provider is copying its configuration.

ldap:display_query

string

The LDAP query used to determine which users and groups to display when browsing via group policies.

ldap:encryption

none
ssl
starttls

The type of security encryption to use. None indicates non-encrypted LDAP, ssl indicates LDAPS, and starttls indicates LDAP with TLS.

ldap:groups:objects

string

The LDAP objectClasses that are considered valid groups.

ldap:groups:recursive

1 or 0

1: Perform recursive group lookup, searching for group members of groups until no results are returned.
0: Execute only one group lookup query.

ldap:groups:search_base

string

The distinguishedName at which to start searching for groups.

ldap:groups:unique_id

string

The set of LDAP attributes used to uniquely identify groups in the LDAP server.

ldap:groups:user_to_group_relationship

string

The mapping of LDAP attributes used to determine a user’s group memberships.

ldap:host

string

The hostname of the LDAP server.

ldap:port

string

The port through which to connect to the LDAP server.

ldap:private_display_name

string

The set of LDAP attributes used to populate the private display names of users or groups.

ldap:public_display_name

string

The set of LDAP attributes used to populate the public display names of users or groups.

ldap:users:objects

string

The LDAP objectClasses that are considered valid users.

ldap:users:query

string

The LDAP query used to map a particular username to an LDAP user object.

ldap:users:search_base

string

The distinguishedName at which to start searching for users.

ldap:users:user_id

string

The set of LDAP attributes used to uniquely identify users in the LDAP server.

provider:id

string

The unique identifier of the provider to which this setting applies.

provider:name

string

The name of the provider to which this setting applies.

radius:host

string

The hostname of the RADIUS server.

radius:port

string

The port through which to connect to the RADIUS server.

radius:shared_secret

****

The shared secret to use in connecting to the RADIUS server.

radius:timeout

integer

The number of seconds allowed to elapse before the RADIUS server has timed out.

radius:users:list

string

The list of RADIUS users considered part of this provider. If blank, all users are allowed.

sync_display_name

1 or 0

1: Every time a user logs in, his or her display name should be synchronized with the available remote information.
0: A user’s display name should be synchronized with the available remote information only the first time the user logs in.
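
As an added example (not part of the original reference or the vendor's code), the sketch below reviews already-parsed events of these three types and flags fields set to the value the table defines as the less restrictive option, plus any change to a masked secret. The dict input shape, the rule wording, and the sample events are assumptions constructed for illustration.

```python
# Added example. Field names and values are taken from the table above;
# the parsed-dict input shape and the rule wording are assumptions.
PROVIDER_EVENTS = {
    "security_provider_setting_added",
    "security_provider_setting_changed",
    "security_provider_setting_removed",
}

# (field, value that selects the less restrictive behaviour, reason)
VALUE_RULES = [
    ("ldap:encryption", "none", "non-encrypted LDAP"),
    ("ldap:binding:anonymous", "1", "anonymous binding is being used"),
    ("kerberos:users:mode", "all", "handles any valid authentication attempt"),
    ("kerberos:spns:mode", "all", "handles any SPN recognized by the keytab"),
    ("radius:users:list", "", "blank list: all RADIUS users are allowed"),
]

# Fields whose value is masked ("****" or "<data>"): only the fact of a
# change is visible, so every occurrence is surfaced for review.
MASKED_FIELDS = {
    "ldap:agent:password", "ldap:binding:password",
    "ldap:cert", "radius:shared_secret",
}

def review_event(event, fields):
    """Return [(field, reason), ...] for one parsed provider-setting event."""
    if event not in PROVIDER_EVENTS:
        return []
    findings = []
    if event != "security_provider_setting_removed":
        for field, risky_value, reason in VALUE_RULES:
            if field in fields and fields[field].strip().lower() == risky_value:
                findings.append((field, reason))
    for field in sorted(fields.keys() & MASKED_FIELDS):
        findings.append((field, "masked secret or certificate was touched"))
    return findings

# Constructed sample events (not captured from a real appliance).
SAMPLE_EVENTS = [
    ("security_provider_setting_changed",
     {"provider:name": "Corp LDAP", "ldap:encryption": "none",
      "ldap:binding:password": "****"}),
    ("security_provider_setting_added",
     {"provider:name": "Corp LDAP", "ldap:encryption": "starttls",
      "ldap:binding:anonymous": "0"}),
    ("login", {"ldap:encryption": "none"}),
]

if __name__ == "__main__":
    for event, fields in SAMPLE_EVENTS:
        print(event, fields.get("provider:name"), review_event(event, fields))
```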