DEPLOYMENT > Syslog > Syslog Events > Security Provider Setting

Security Provider Setting Fields

These fields apply to the security_provider_setting_added, security_provider_setting_changed, and security_provider_setting_removed events.

Field Value Explanation

cluster:mode

failover
random

The mode in which this cluster is set to operate.

cluster:retry:delay integer

The number of seconds to wait after a cluster member becomes unavailable before trying that cluster member again.

default_group_policy:id

string

The unique identifier of the default group policy to apply to users who authenticate against this security provider.

default_group_policy:name

string

The name of the default group policy to apply to users who authenticate against this security provider.

kerberos:spns:list

string

The list of SPNs by which this provider is identified if the Kerberos SPN handling mode is set to list.

kerberos:spns:mode

all
list

The way SPNs are matched to this provider. All handles any SPN recognized by the keytab, while list handles only the specified list of SPNs.

kerberos:strip_realm

1 or 0

1: The REALM portion will be stripped from the User Principal Name when constructing the username and (optionally) the display name.
0: The REALM portion will not be stripped from the User Principal Name.

kerberos:users:mode

all
list
regex

The way users are matched to this provider. All handles any valid authentication attempt, list handles only the specified list of users, and regex handles only users who match the specified regular expression.

kerberos:users:regex

string

The Perl-compatible regular expression that user principals must match to be considered part of this provider if the Kerberos user handling mode is set to regex.

ldap:agent

1 or 0

1: A connection agent is being used to enable communication.
0: The LDAP server and the Bomgar Appliance communicate directly.

ldap:agent:password

****

The readable date and time of the first date to be included in the report.

ldap:binding:anonymous

1 or 0

1: Anonymous binding is being used.
0: A bind username and password are required.

ldap:binding:password

****

The password used for binding.

ldap:binding:username

string

The username used for binding.

ldap:cert

<data>
or blank

Indicates that a certificate has been uploaded or changed. Only the value <data> will be displayed.

ldap:display_name string

The set of LDAP attributes used to populate group display names.

ldap:display_query

string

The LDAP query used to determine which users and groups to display when browsing via group policies.

ldap:encryption

none
ssl
starttls

The type of security encryption to use. None indicates non-encrypted LDAP, ssl indicates LDAPS, and starttls indicates LDAP with TLS.

ldap:groups:objects

string

The LDAP objectClasses that are considered valid groups.

ldap:groups:recursive

1 or 0

1: Perform recursive group lookup, searching for group members of groups until no results are returned.
0: Execute only one group lookup query.

ldap:groups:search_base

string

The distinguishedName at which to start searching for groups.

ldap:groups:unique_id

string

The set of LDAP attributes used to uniquely identify groups in the LDAP server.

ldap:groups:user_to_group_relationship

string

The mapping of LDAP attributes used to determine a user’s group memberships.

ldap:host

string

The hostname of the LDAP server.

ldap:port

string

The port through which to connect to the LDAP server.

ldap:private_display_name

string

The set of LDAP attributes used to populate users' private display names.

ldap:public_display_name

string

The set of LDAP attributes used to populate users' public display names.

ldap:user_display_query string

The LDAP query used to define which results are displayed when adding users to a group policy or embassy.

ldap:users:objects

string

The LDAP objectClasses that are considered valid users.

ldap:users:query

string

The LDAP query used to map a particular username to an LDAP user object.

ldap:users:search_base

string

The distinguishedName at which to start searching for users.

ldap:users:user_id

string

The set of LDAP attributes used to uniquely identify users in the LDAP server.

provider:id

string

The unique identifier of the provider to which this setting applies.

provider:name

string

The name of the provider to which this setting applies.

radius:host

string

The hostname of the RADIUS server.

radius:port

string

The port through which to connect to the RADIUS server.

radius:shared_secret

****

The shared secret to use in connecting to the RADIUS server.

radius:timeout

integer

The number of seconds allowed to elapse before the RADIUS server has timed out.

radius:users:mode all
list

The way users are matched to this provider. All handles any valid authentication attempt, and list handles only the specified list of users.

users:list string The list of users allowed to authenticate against this provider to access your Bomgar software.

sync_display_name

1 or 0

1: Every time a user logs in, his or her display name should be synchronized with the available remove information.
0: A user’s display name should be synchronized with the available remote information only the first time the user logs in.

Related Topics