Package org.forgerock.opendj.server.config.client

Interface ProxyBackendCfgClient

All Superinterfaces:
BackendCfgClient, ConfigurationClient
public interface ProxyBackendCfgClient extends BackendCfgClient
A client-side interface for reading and modifying Proxy Backend settings.

A Proxy Backend forwards LDAP requests to other servers.

  • Method Details

    • definition

      ManagedObjectDefinition<? extends ProxyBackendCfgClient,? extends ProxyBackendCfg> definition()
      Get the configuration definition associated with this Proxy Backend.
      Specified by:
      definition in interface BackendCfgClient
      Specified by:
      definition in interface ConfigurationClient
      Returns:
      Returns the configuration definition associated with this Proxy Backend.

    • getAvailabilityCheckInterval

      ValueOrExpression<Long> getAvailabilityCheckInterval()
      Gets the "availability-check-interval" property.

      Specifies the interval which the Proxy Backend will use to send the availability check request to decide if a server is available.

      The Proxy Backend sends an availability check request to the servers every specified interval to be informed on the availability of the server.

      Default value: 5s

      Returns:
      Returns the value of the "availability-check-interval" property.

    • setAvailabilityCheckInterval

      void setAvailabilityCheckInterval(ValueOrExpression<Long> value) throws PropertyException
      Sets the "availability-check-interval" property.

      Specifies the interval which the Proxy Backend will use to send the availability check request to decide if a server is available.

      The Proxy Backend sends an availability check request to the servers every specified interval to be informed on the availability of the server.

      Parameters:
      value - The value of the "availability-check-interval" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getAvailabilityCheckSearchRequestBaseDn

      @MandatoryProperty ValueOrExpression<Dn> getAvailabilityCheckSearchRequestBaseDn()
      Gets the "availability-check-search-request-base-dn" property.

      Specifies the name of an entry of the application data that will be targeted by availability check requests to detect whether a remote server is available and handling requests against application data.

      By default availability check requests will attempt to read the remote server's root DSE, but the search request can target any other entry of the application data accessible by anonymous bind.

      Default value:

      Returns:
      Returns the value of the "availability-check-search-request-base-dn" property.

    • setAvailabilityCheckSearchRequestBaseDn

      @MandatoryProperty void setAvailabilityCheckSearchRequestBaseDn(ValueOrExpression<Dn> value) throws PropertyException
      Sets the "availability-check-search-request-base-dn" property.

      Specifies the name of an entry of the application data that will be targeted by availability check requests to detect whether a remote server is available and handling requests against application data.

      By default availability check requests will attempt to read the remote server's root DSE, but the search request can target any other entry of the application data accessible by anonymous bind.

      Parameters:
      value - The value of the "availability-check-search-request-base-dn" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getAvailabilityCheckSearchRequestFilter

      ValueOrExpression<String> getAvailabilityCheckSearchRequestFilter()
      Gets the "availability-check-search-request-filter" property.

      Specifies the search filter of the availability check requests.

      By default availability check requests use the LDAP absolute true search filter which evaluates to always true. Specifying a filter requiring evaluation, will make the availability check fail if the evaluation returns zero entries and have the Proxy Backend mark the server as not available.

      Default value: (&)

      Returns:
      Returns the value of the "availability-check-search-request-filter" property.

    • setAvailabilityCheckSearchRequestFilter

      void setAvailabilityCheckSearchRequestFilter(ValueOrExpression<String> value) throws PropertyException
      Sets the "availability-check-search-request-filter" property.

      Specifies the search filter of the availability check requests.

      By default availability check requests use the LDAP absolute true search filter which evaluates to always true. Specifying a filter requiring evaluation, will make the availability check fail if the evaluation returns zero entries and have the Proxy Backend mark the server as not available.

      Parameters:
      value - The value of the "availability-check-search-request-filter" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getAvailabilityCheckTimeout

      ValueOrExpression<Long> getAvailabilityCheckTimeout()
      Gets the "availability-check-timeout" property.

      Specifies the availability check request timeout that the Proxy Backend will use to decide if a server is available.

      If an availability check response is not received within the timeout, the Proxy Backend considers the server as not available to process user requests.

      Default value: 3s

      Returns:
      Returns the value of the "availability-check-timeout" property.

    • setAvailabilityCheckTimeout

      void setAvailabilityCheckTimeout(ValueOrExpression<Long> value) throws PropertyException
      Sets the "availability-check-timeout" property.

      Specifies the availability check request timeout that the Proxy Backend will use to decide if a server is available.

      If an availability check response is not received within the timeout, the Proxy Backend considers the server as not available to process user requests.

      Parameters:
      value - The value of the "availability-check-timeout" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getBaseDn

      SortedSet<ValueOrExpression<Dn>> getBaseDn()
      Gets the "base-dn" property.

      Specifies the base DN(s) for the data that the backend handles.

      A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. When the "route-all" property is set to "true" then the "base-dn" property is ignored.

      Returns:
      Returns the values of the "base-dn" property.

    • setBaseDn

      void setBaseDn(Collection<ValueOrExpression<Dn>> values) throws PropertyException
      Sets the "base-dn" property.

      Specifies the base DN(s) for the data that the backend handles.

      A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. When the "route-all" property is set to "true" then the "base-dn" property is ignored.

      Parameters:
      values - The values of the "base-dn" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getConnectionPoolIdleTimeout

      ValueOrExpression<Long> getConnectionPoolIdleTimeout()
      Gets the "connection-pool-idle-timeout" property.

      The time out period after which unused non-core connections will be closed and removed from the connection pool.

      Default value: 60s

      Returns:
      Returns the value of the "connection-pool-idle-timeout" property.

    • setConnectionPoolIdleTimeout

      void setConnectionPoolIdleTimeout(ValueOrExpression<Long> value) throws PropertyException
      Sets the "connection-pool-idle-timeout" property.

      The time out period after which unused non-core connections will be closed and removed from the connection pool.

      Parameters:
      value - The value of the "connection-pool-idle-timeout" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getConnectionPoolMaxSize

      ValueOrExpression<Integer> getConnectionPoolMaxSize()
      Gets the "connection-pool-max-size" property.

      Maximum size of the connection pool for each remote server

      Default value: 1024

      Returns:
      Returns the value of the "connection-pool-max-size" property.

    • setConnectionPoolMaxSize

      void setConnectionPoolMaxSize(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "connection-pool-max-size" property.

      Maximum size of the connection pool for each remote server

      Parameters:
      value - The value of the "connection-pool-max-size" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getConnectionPoolMinSize

      ValueOrExpression<Integer> getConnectionPoolMinSize()
      Gets the "connection-pool-min-size" property.

      Minimum size of the connection pool for each remote server

      Default value: 4

      Returns:
      Returns the value of the "connection-pool-min-size" property.

    • setConnectionPoolMinSize

      void setConnectionPoolMinSize(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "connection-pool-min-size" property.

      Minimum size of the connection pool for each remote server

      Parameters:
      value - The value of the "connection-pool-min-size" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getConnectionTimeout

      ValueOrExpression<Long> getConnectionTimeout()
      Gets the "connection-timeout" property.

      Specifies the timeout used when connecting to servers, performing SSL negotiation, and for individual search and bind requests.

      If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available.

      Default value: 10s

      Returns:
      Returns the value of the "connection-timeout" property.

    • setConnectionTimeout

      void setConnectionTimeout(ValueOrExpression<Long> value) throws PropertyException
      Sets the "connection-timeout" property.

      Specifies the timeout used when connecting to servers, performing SSL negotiation, and for individual search and bind requests.

      If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available.

      Parameters:
      value - The value of the "connection-timeout" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getDiscoveryInterval

      ValueOrExpression<Long> getDiscoveryInterval()
      Gets the "discovery-interval" property.

      Interval between two server configuration discovery executions.

      Specifies how frequently to read the configuration of the servers in order to discover any configuration change.

      Default value: 60s

      Returns:
      Returns the value of the "discovery-interval" property.

    • setDiscoveryInterval

      void setDiscoveryInterval(ValueOrExpression<Long> value) throws PropertyException
      Sets the "discovery-interval" property.

      Interval between two server configuration discovery executions.

      Specifies how frequently to read the configuration of the servers in order to discover any configuration change.

      Parameters:
      value - The value of the "discovery-interval" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getHashFunction

      ValueOrExpression<ProxyBackendCfgDefn.HashFunction> getHashFunction()
      Gets the "hash-function" property.

      Specifies the hash function which will be used for data distribution.

      This setting only applies to data distribution. Once this server is deployed, this setting must not be modified. Doing so could result in data loss. The hash function is used by the router to map incoming requests to a target server based on the request's target DN. The role of the hash function is to ensure that the flow of incoming requests is evenly distributed on the set of servers.

      Default value: murmur3

      Returns:
      Returns the value of the "hash-function" property.

    • setHashFunction

      void setHashFunction(ValueOrExpression<ProxyBackendCfgDefn.HashFunction> value) throws PropertyException
      Sets the "hash-function" property.

      Specifies the hash function which will be used for data distribution.

      This setting only applies to data distribution. Once this server is deployed, this setting must not be modified. Doing so could result in data loss. The hash function is used by the router to map incoming requests to a target server based on the request's target DN. The role of the hash function is to ensure that the flow of incoming requests is evenly distributed on the set of servers.

      Parameters:
      value - The value of the "hash-function" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getJavaClass

      @MandatoryProperty ValueOrExpression<String> getJavaClass()
      Gets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the backend implementation.

      Default value: org.opends.server.backends.ProxyBackend

      Specified by:
      getJavaClass in interface BackendCfgClient
      Returns:
      Returns the value of the "java-class" property.

    • setJavaClass

      @MandatoryProperty void setJavaClass(ValueOrExpression<String> value) throws PropertyException
      Sets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the backend implementation.

      Specified by:
      setJavaClass in interface BackendCfgClient
      Parameters:
      value - The value of the "java-class" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeepAliveInterval

      ValueOrExpression<Long> getKeepAliveInterval()
      Gets the "keep-alive-interval" property.

      Specifies the keep-alive interval that the Proxy Backend will use for connections with the remote servers.

      The Proxy Backend sends a keep-alive request to the servers every specified interval to prevent the connection from appearing idle and being forcefully closed.

      Default value: 300s

      Returns:
      Returns the value of the "keep-alive-interval" property.

    • setKeepAliveInterval

      void setKeepAliveInterval(ValueOrExpression<Long> value) throws PropertyException
      Sets the "keep-alive-interval" property.

      Specifies the keep-alive interval that the Proxy Backend will use for connections with the remote servers.

      The Proxy Backend sends a keep-alive request to the servers every specified interval to prevent the connection from appearing idle and being forcefully closed.

      Parameters:
      value - The value of the "keep-alive-interval" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeepAliveSearchRequestBaseDn

      @MandatoryProperty ValueOrExpression<Dn> getKeepAliveSearchRequestBaseDn()
      Gets the "keep-alive-search-request-base-dn" property.

      Specifies the name of the entry that will be targeted by keep-alive requests.

      By default keep-alive requests will attempt to read the remote server's root DSE, but the search request can target any other entry accessible by anonymous bind.

      Default value:

      Returns:
      Returns the value of the "keep-alive-search-request-base-dn" property.

    • setKeepAliveSearchRequestBaseDn

      @MandatoryProperty void setKeepAliveSearchRequestBaseDn(ValueOrExpression<Dn> value) throws PropertyException
      Sets the "keep-alive-search-request-base-dn" property.

      Specifies the name of the entry that will be targeted by keep-alive requests.

      By default keep-alive requests will attempt to read the remote server's root DSE, but the search request can target any other entry accessible by anonymous bind.

      Parameters:
      value - The value of the "keep-alive-search-request-base-dn" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeepAliveSearchRequestFilter

      ValueOrExpression<String> getKeepAliveSearchRequestFilter()
      Gets the "keep-alive-search-request-filter" property.

      Specifies the search filter of the keep-alive requests.

      By default keep-alive requests use the LDAP absolute true search filter, which evaluates to always true. Specifying a filter requiring evaluation, will make the keep-alive fail if the evaluation returns zero entries.

      Default value: (&)

      Returns:
      Returns the value of the "keep-alive-search-request-filter" property.

    • setKeepAliveSearchRequestFilter

      void setKeepAliveSearchRequestFilter(ValueOrExpression<String> value) throws PropertyException
      Sets the "keep-alive-search-request-filter" property.

      Specifies the search filter of the keep-alive requests.

      By default keep-alive requests use the LDAP absolute true search filter, which evaluates to always true. Specifying a filter requiring evaluation, will make the keep-alive fail if the evaluation returns zero entries.

      Parameters:
      value - The value of the "keep-alive-search-request-filter" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeepAliveTimeout

      ValueOrExpression<Long> getKeepAliveTimeout()
      Gets the "keep-alive-timeout" property.

      Specifies the keep-alive request timeout that the Proxy Backend will use for connections with the remote servers.

      If a keep-alive answer is not received within the timeout, the Proxy Backend closes the unresponsive connection and connects to another server.

      Default value: 3s

      Returns:
      Returns the value of the "keep-alive-timeout" property.

    • setKeepAliveTimeout

      void setKeepAliveTimeout(ValueOrExpression<Long> value) throws PropertyException
      Sets the "keep-alive-timeout" property.

      Specifies the keep-alive request timeout that the Proxy Backend will use for connections with the remote servers.

      If a keep-alive answer is not received within the timeout, the Proxy Backend closes the unresponsive connection and connects to another server.

      Parameters:
      value - The value of the "keep-alive-timeout" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeyManagerProvider

      ValueOrExpression<String> getKeyManagerProvider()
      Gets the "key-manager-provider" property.

      Specifies the name of the key manager that should be used with this Proxy Backend.

      Default value is undefined

      Returns:
      Returns the value of the "key-manager-provider" property.

    • setKeyManagerProvider

      void setKeyManagerProvider(ValueOrExpression<String> value) throws PropertyException
      Sets the "key-manager-provider" property.

      Specifies the name of the key manager that should be used with this Proxy Backend.

      Parameters:
      value - The value of the "key-manager-provider" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getPartitionBaseDn

      SortedSet<ValueOrExpression<Dn>> getPartitionBaseDn()
      Gets the "partition-base-dn" property.

      Specifies the base DN(s) which is used for affinity load-balancing and data distribution

      Within a single shard, "affinity" load-balancing uses this setting to provide consistency for add/delete operations targeting entries within the same sub-tree. Entries immediately subordinate to the partition base DNs will be considered to be the root of a sub-tree whose entries belong to the same shard. For example, a partition base DN of "ou=people,dc=example,dc=com" would mean that "uid=bjensen,ou=people,dc=example,dc=com" and "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" both belong to the same shard, and all operations targeting them would be routed to the same remote server. When applied to data distribution across multiple shards, this setting consistently routes operations targeting an entry below the partition DN to the same shard. Requests targeting the partition DN or above are routed to any shard. Search requests are routed to all shards unless their scope is under the partition DN. For example, if the partition base DN is set to "ou=people,dc=example,dc=com", a search with base DN "uid=bjensen,ou=people,dc=example,dc=com" or "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" is always routed to the same shard. A search with base DN "ou=people,dc=example,dc=com" is routed to all shards.

      Returns:
      Returns the values of the "partition-base-dn" property.

    • setPartitionBaseDn

      void setPartitionBaseDn(Collection<ValueOrExpression<Dn>> values) throws PropertyException
      Sets the "partition-base-dn" property.

      Specifies the base DN(s) which is used for affinity load-balancing and data distribution

      Within a single shard, "affinity" load-balancing uses this setting to provide consistency for add/delete operations targeting entries within the same sub-tree. Entries immediately subordinate to the partition base DNs will be considered to be the root of a sub-tree whose entries belong to the same shard. For example, a partition base DN of "ou=people,dc=example,dc=com" would mean that "uid=bjensen,ou=people,dc=example,dc=com" and "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" both belong to the same shard, and all operations targeting them would be routed to the same remote server. When applied to data distribution across multiple shards, this setting consistently routes operations targeting an entry below the partition DN to the same shard. Requests targeting the partition DN or above are routed to any shard. Search requests are routed to all shards unless their scope is under the partition DN. For example, if the partition base DN is set to "ou=people,dc=example,dc=com", a search with base DN "uid=bjensen,ou=people,dc=example,dc=com" or "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" is always routed to the same shard. A search with base DN "ou=people,dc=example,dc=com" is routed to all shards.

      Parameters:
      values - The values of the "partition-base-dn" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getProxyUserDn

      ValueOrExpression<Dn> getProxyUserDn()
      Gets the "proxy-user-dn" property.

      The bind DN that is used to forward LDAP requests to remote servers.

      The proxy connects to the remote server using this bind DN and uses the proxied authorization control to forward requests on behalf of the proxy users. This bind DN must exist on all the remote servers.

      Default value is undefined

      Returns:
      Returns the value of the "proxy-user-dn" property.

    • setProxyUserDn

      void setProxyUserDn(ValueOrExpression<Dn> value) throws PropertyException
      Sets the "proxy-user-dn" property.

      The bind DN that is used to forward LDAP requests to remote servers.

      The proxy connects to the remote server using this bind DN and uses the proxied authorization control to forward requests on behalf of the proxy users. This bind DN must exist on all the remote servers.

      Parameters:
      value - The value of the "proxy-user-dn" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getProxyUserPassword

      ValueOrExpression<String> getProxyUserPassword()
      Gets the "proxy-user-password" property.

      Clear-text password associated with the proxy bind DN.

      The proxy password must be the same on all the remote servers.

      Default value is undefined

      Returns:
      Returns the value of the "proxy-user-password" property.

    • setProxyUserPassword

      void setProxyUserPassword(ValueOrExpression<String> value) throws PropertyException
      Sets the "proxy-user-password" property.

      Clear-text password associated with the proxy bind DN.

      The proxy password must be the same on all the remote servers.

      Parameters:
      value - The value of the "proxy-user-password" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isRouteAll

      @MandatoryProperty ValueOrExpression<Boolean> isRouteAll()
      Gets the "route-all" property.

      Route requests to all discovered public naming contexts.

      When the "route-all" property is set to "true" then the "base-dn" property is ignored.

      Returns:
      Returns the value of the "route-all" property.

    • setRouteAll

      @MandatoryProperty void setRouteAll(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "route-all" property.

      Route requests to all discovered public naming contexts.

      When the "route-all" property is set to "true" then the "base-dn" property is ignored.

      Parameters:
      value - The value of the "route-all" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getShard

      @MandatoryProperty SortedSet<ValueOrExpression<String>> getShard()
      Gets the "shard" property.

      Specifies one or more shards which will be used for distributing data and requests.

      When multiple shards are configured, this setting consistently routes write requests for the same target entry below the partition DN to the same shard. Requests targeting an entry under the partition DN are always routed to a single shard. Requests targeting the partition DN or above are routed to any shard. Search requests are routed to all shards unless their scope is under the partition DN. For example, a search with base DN "uid=bjensen,ou=people,dc=example,dc=com" or "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" is always routed to the same shard. A search with base DN "ou=people,dc=example,dc=com" is routed to all shards.

      Default value is undefined

      Returns:
      Returns the values of the "shard" property.

    • setShard

      @MandatoryProperty void setShard(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "shard" property.

      Specifies one or more shards which will be used for distributing data and requests.

      When multiple shards are configured, this setting consistently routes write requests for the same target entry below the partition DN to the same shard. Requests targeting an entry under the partition DN are always routed to a single shard. Requests targeting the partition DN or above are routed to any shard. Search requests are routed to all shards unless their scope is under the partition DN. For example, a search with base DN "uid=bjensen,ou=people,dc=example,dc=com" or "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" is always routed to the same shard. A search with base DN "ou=people,dc=example,dc=com" is routed to all shards.

      Parameters:
      values - The values of the "shard" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getSslCertNickname

      SortedSet<ValueOrExpression<String>> getSslCertNickname()
      Gets the "ssl-cert-nickname" property.

      Specifies the nicknames (also called the aliases) of the keys or key pairs that the Proxy Backend should use when performing SSL communication.

      The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Proxy Backend is configured to use SSL.

      Returns:
      Returns the values of the "ssl-cert-nickname" property.

    • setSslCertNickname

      void setSslCertNickname(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "ssl-cert-nickname" property.

      Specifies the nicknames (also called the aliases) of the keys or key pairs that the Proxy Backend should use when performing SSL communication.

      The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Proxy Backend is configured to use SSL.

      Parameters:
      values - The values of the "ssl-cert-nickname" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • isUseSaslExternal

      ValueOrExpression<Boolean> isUseSaslExternal()
      Gets the "use-sasl-external" property.

      Indicates whether the Proxy Backend should use certificate based authentication when communicating with backend servers.

      If enabled, the Proxy Backend will use mutual TLS when connecting to backend servers. Once the TLS handshake has completed, a SASL/External LDAP bind request will be sent in order to associate the TLS client certificate with an LDAP account on the remote backend server. A key manager provider containing the client certificate must be configured in order to use this feature.

      Default value: false

      Returns:
      Returns the value of the "use-sasl-external" property.

    • setUseSaslExternal

      void setUseSaslExternal(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "use-sasl-external" property.

      Indicates whether the Proxy Backend should use certificate based authentication when communicating with backend servers.

      If enabled, the Proxy Backend will use mutual TLS when connecting to backend servers. Once the TLS handshake has completed, a SASL/External LDAP bind request will be sent in order to associate the TLS client certificate with an LDAP account on the remote backend server. A key manager provider containing the client certificate must be configured in order to use this feature.

      Parameters:
      value - The value of the "use-sasl-external" property.
      Throws:
      PropertyException - If the new value is invalid.