dsconfig set-certificate-mapper-prop — Modifies Certificate Mapper properties
dsconfig set-certificate-mapper-prop {options}
The dsconfig set-certificate-mapper-prop command takes the following options:
--mapper-name {name}
The name of the Certificate Mapper.
Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following Certificate Mapper types:
fingerprint-certificate-mapper
Default {name}: Fingerprint Certificate Mapper
Enabled by default: true
See the section called “Fingerprint Certificate Mapper” for the properties of this Certificate Mapper type.

subject-attribute-to-user-attribute-certificate-mapper
Default {name}: Subject Attribute To User Attribute Certificate Mapper
Enabled by default: true
See the section called “Subject Attribute To User Attribute Certificate Mapper” for the properties of this Certificate Mapper type.

subject-dn-to-user-attribute-certificate-mapper
Default {name}: Subject DN To User Attribute Certificate Mapper
Enabled by default: true
See the section called “Subject DN To User Attribute Certificate Mapper” for the properties of this Certificate Mapper type.

subject-equals-dn-certificate-mapper
Default {name}: Subject Equals DN Certificate Mapper
Enabled by default: true
See the section called “Subject Equals DN Certificate Mapper” for the properties of this Certificate Mapper type.
--set {PROP:VALUE}
Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.
--reset {property}
Resets a property back to its default values, where {property} is the name of the property to be reset.
Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.
--add {PROP:VALUE}
Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.
Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.
--remove {PROP:VALUE}
Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.
Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.
Certificate Mappers of type fingerprint-certificate-mapper have the following properties:
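
enabled
Description: Indicates whether the Certificate Mapper is enabled.
Default Value: None
Allowed Values: true, false
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

fingerprint-algorithm
Description: Specifies the name of the digest algorithm to compute the fingerprint of client certificates.
Default Value: None
Allowed Values:
md5: Use the MD5 digest algorithm to compute certificate fingerprints.
sha1: Use the SHA-1 digest algorithm to compute certificate fingerprints.
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

fingerprint-attribute
Description: Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint.
Default Value: None
Allowed Values: The name of an attribute type defined in the server schema.
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

java-class
Description: Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation.
Default Value: org.opends.server.extensions.FingerprintCertificateMapper
Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper
Multi-valued: No
Required: Yes
Admin Action Required: The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect
Advanced Property: Yes (Use --advanced in interactive mode.)
Read-only: No

user-base-dn
Description: Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry.
Default Value: The server performs the search in all public naming contexts.
Allowed Values: A valid DN.
Multi-valued: Yes
Required: No
Admin Action Required: None
Advanced Property: No
Read-only: No
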
Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties:

enabled
Description: Indicates whether the Certificate Mapper is enabled.
Default Value: None
Allowed Values: true, false
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

java-class
Description: Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation.
Default Value: org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper
Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper
Multi-valued: No
Required: Yes
Admin Action Required: The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect
Advanced Property: Yes (Use --advanced in interactive mode.)
Read-only: No

subject-attribute-mapping
Description: Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping, values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries.
Default Value: None
Allowed Values: A String
Multi-valued: Yes
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

user-base-dn
Description: Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry.
Default Value: The server will perform the search in all public naming contexts.
Allowed Values: A valid DN.
Multi-valued: Yes
Required: No
Admin Action Required: None
Advanced Property: No
Read-only: No

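
A model of the "certattr:userattr" mapping rule for the Subject Attribute To User Attribute Certificate Mapper, added here as an illustration and not OpenDJ's own code: it parses the mapping values and builds the LDAP filter a user entry would have to satisfy for a given certificate subject. The sample mappings, the subject DN, the function names and the simplified DN parser (backslash-plus-character escapes only) are assumptions.

```python
import re

# Constructed sample values (assumptions, not taken from the page).
MAPPINGS = ["cn:cn", "emailAddress:mail"]
SUBJECT = r"CN=Doe\, Jane (ops),emailAddress=jane@example.com,O=Example"


def parse_mappings(values):
    """Parse 'certattr:userattr' values into {certattr (lower-case): userattr}."""
    table = {}
    for value in values:
        cert, sep, user = (part.strip() for part in value.partition(":"))
        if not (sep and cert and user):
            raise ValueError(f"not in certattr:userattr form: {value!r}")
        if cert.lower() in table:  # this example rejects ambiguous duplicates
            raise ValueError(f"certificate attribute mapped twice: {cert!r}")
        table[cert.lower()] = user
    return table


def subject_avas(dn):
    """Split a subject DN into (attr, value) pairs (simplified RFC 4514 parser)."""
    pairs = []
    for rdn in re.split(r"(?<!\\)[,+]", dn):  # split on unescaped ',' or '+'
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs


def escape_filter(value):
    """RFC 4515 escaping, so a subject value cannot change the filter's structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def build_filter(subject, mappings):
    """Every mapped attribute found in the subject becomes a required equality match."""
    table = parse_mappings(mappings)
    parts = [f"({table[a]}={escape_filter(v)})"
             for a, v in subject_avas(subject) if a in table]
    if not parts:
        raise LookupError("subject contains no mapped attribute")
    return parts[0] if len(parts) == 1 else "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    print(build_filter(SUBJECT, MAPPINGS))
```

Unmapped subject attributes (O in the sample) place no constraint on the user entry, and a subject with no mapped attribute at all yields no filter, so it selects no user.
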
Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties:
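
enabled
Description: Indicates whether the Certificate Mapper is enabled.
Default Value: None
Allowed Values: true, false
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

java-class
Description: Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation.
Default Value: org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper
Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper
Multi-valued: No
Required: Yes
Admin Action Required: The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect
Advanced Property: Yes (Use --advanced in interactive mode.)
Read-only: No

subject-attribute
Description: Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN.
Default Value: None
Allowed Values: The name of an attribute type defined in the server schema.
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

user-base-dn
Description: Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry.
Default Value: The server will perform the search in all public naming contexts.
Allowed Values: A valid DN.
Multi-valued: Yes
Required: No
Admin Action Required: None
Advanced Property: No
Read-only: No
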
Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties:
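
enabled
Description: Indicates whether the Certificate Mapper is enabled.
Default Value: None
Allowed Values: true, false
Multi-valued: No
Required: Yes
Admin Action Required: None
Advanced Property: No
Read-only: No

java-class
Description: Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation.
Default Value: org.opends.server.extensions.SubjectEqualsDNCertificateMapper
Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper
Multi-valued: No
Required: Yes
Admin Action Required: The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect
Advanced Property: Yes (Use --advanced in interactive mode.)
Read-only: No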