An authentication policy for users whose credentials are managed by a
remote LDAP directory service.
Authentication attempts will be redirected to the remote LDAP directory
service based on a combination of the criteria specified in this policy
and the content of the user's entry in this directory server.
One or more mapped attributes must be specified when using the
"mapped-bind" or "mapped-search" mapping policies.
One or more search base DNs must be specified when using the
"mapped-search" mapping policy.
ds-cfg-ldap-pass-through-authentication-policy
ds-cfg-authentication-policy
org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory
Specifies the primary list of remote LDAP servers which should be used
for pass-through authentication.
If more than one LDAP server is specified then operations may be
distributed across them. If all of the primary LDAP servers are
unavailable then operations will fail over to the set of secondary
LDAP servers, if defined.
^.+:[0-9]+$
HOST:PORT
A host name followed by a ":" and a port number.
ds-cfg-primary-remote-ldap-server
Specifies the secondary list of remote LDAP servers which should be used
for pass-through authentication in the event that the primary LDAP servers
are unavailable.
If more than one LDAP server is specified then operations may be
distributed across them. Operations will be rerouted to the primary
LDAP servers as soon as they are determined to be available.
No secondary LDAP servers.
^.+:[0-9]+$
HOST:PORT
A host name followed by a ":" and a port number.
ds-cfg-secondary-remote-ldap-server
Specifies the mapping algorithm for obtaining the bind DN from the user's
entry.
unmapped
Bind to the remote LDAP directory service using the DN of the user's
entry in this directory server.
mapped-bind
Bind to the remote LDAP directory service using a DN obtained from
an attribute in the user's entry. This policy checks each attribute
named in the "mapped-attribute" property. If more than one attribute
or value is present then the first one found is used.
mapped-search
Bind to the remote LDAP directory service using the DN of an entry
obtained by searching the remote LDAP directory service. The search
filter consists of an equality matching filter whose attribute type
is the "mapped-attribute" property and whose assertion value is the
attribute value obtained from the user's entry. If more than one
attribute or value is present then the filter is composed of multiple
equality filters combined using a logical OR (union).
ds-cfg-mapping-policy
Specifies one or more attributes in the user's entry whose value(s) will
determine the bind DN used when authenticating to the remote LDAP
directory service. This property is mandatory when using the "mapped-bind"
or "mapped-search" mapping policies.
At least one value must be provided. All values must refer to the
name or OID of an attribute type defined in the directory server
schema. At least one of the named attributes must exist in a user's
local entry in order for authentication to proceed. When multiple
attributes or values are found in the user's entry then the behavior is
determined by the mapping policy.
ds-cfg-mapped-attribute
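The mapped-bind and mapped-search derivations described above, as an added Python example (not OpenDJ's own code): a local user entry is modelled as a dict from attribute name to value list, the sample entry is constructed, and assertion values are escaped per RFC 4515 so a stored value cannot change the structure of the generated search filter.

```python
# Added example (not OpenDJ's own code): how the mapped-bind and mapped-search
# policies derive a remote bind DN or a search filter from the mapped attribute
# values found in a local user entry. Entries are modelled as dicts mapping an
# attribute name to its list of values (constructed here, not real data).

# Characters that RFC 4515 requires to be escaped inside an assertion value.
# Without this, a stored value such as "*)(uid=admin" would rewrite the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_assertion_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def mapped_values(entry, mapped_attributes):
    """Return (attribute, value) pairs for every configured mapped attribute that
    exists in the entry, in configuration order. LDAP attribute names are
    case-insensitive, so the lookup ignores case."""
    lowered = {name.lower(): values for name, values in entry.items()}
    pairs = []
    for attr in mapped_attributes:
        for value in lowered.get(attr.lower(), []):
            pairs.append((attr, value))
    if not pairs:
        raise LookupError("none of the mapped attributes exist in the user's entry")
    return pairs


def mapped_bind_dn(entry, mapped_attributes):
    """mapped-bind: the first attribute value found is used as the remote bind DN."""
    return mapped_values(entry, mapped_attributes)[0][1]


def mapped_search_filter(entry, mapped_attributes):
    """mapped-search: one equality filter per value; several are OR-ed together."""
    clauses = ["(%s=%s)" % (attr, escape_assertion_value(value))
               for attr, value in mapped_values(entry, mapped_attributes)]
    return clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)


if __name__ == "__main__":
    # Constructed local entry: a remote DN for mapped-bind, two mail values for mapped-search.
    entry = {
        "uid": ["alice"],
        "seeAlso": ["uid=alice,ou=people,dc=remote,dc=example"],
        "mail": ["alice@example.com", "a.smith@example.com"],
    }
    print(mapped_bind_dn(entry, ["seeAlso"]))
    print(mapped_search_filter(entry, ["mail"]))
```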
Specifies the bind DN which should be used to perform user searches
in the remote LDAP directory service.
If not specified, searches will be performed anonymously.
ds-cfg-mapped-search-bind-dn
Specifies the bind password which should be used to perform user searches
in the remote LDAP directory service.
If not specified, searches will be performed anonymously.
ds-cfg-mapped-search-bind-password
Specifies the set of base DNs below which to search for users in the
remote LDAP directory service. This property is mandatory when
using the "mapped-search" mapping policy.
If multiple values are given, searches are performed below all specified
base DNs.
ds-cfg-mapped-search-base-dn