Name

dsconfig set-certificate-mapper-prop — Modifies Certificate Mapper properties

Synopsis

dsconfig set-certificate-mapper-prop {options}

Options

The dsconfig set-certificate-mapper-prop command takes the following options:

--mapper-name {name}

The name of the Certificate Mapper.

Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Certificate Mapper types:

fingerprint-certificate-mapper

Default {name}: Fingerprint Certificate Mapper

Enabled by default: true

See the section called “Fingerprint Certificate Mapper” for the properties of this Certificate Mapper type.

subject-attribute-to-user-attribute-certificate-mapper

Default {name}: Subject Attribute To User Attribute Certificate Mapper

Enabled by default: true

See the section called “Subject Attribute To User Attribute Certificate Mapper” for the properties of this Certificate Mapper type.

subject-dn-to-user-attribute-certificate-mapper

Default {name}: Subject DN To User Attribute Certificate Mapper

Enabled by default: true

See the section called “Subject DN To User Attribute Certificate Mapper” for the properties of this Certificate Mapper type.

subject-equals-dn-certificate-mapper

Default {name}: Subject Equals DN Certificate Mapper

Enabled by default: true

See the section called “Subject Equals DN Certificate Mapper” for the properties of this Certificate Mapper type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.

--reset {property}

Resets a property back to its default values where {property} is the name of the property to be reset.

Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.

--add {PROP:VALUE}

Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.

Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.

--remove {PROP:VALUE}

Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.

Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option.

Fingerprint Certificate Mapper

Certificate Mappers of type fingerprint-certificate-mapper have the following properties:

enabled
Description

Indicates whether the Certificate Mapper is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

fingerprint-algorithm
Description

Specifies the name of the digest algorithm to compute the fingerprint of client certificates.

Default Value

None

Allowed Values

md5

Use the MD5 digest algorithm to compute certificate fingerprints.

sha1

Use the SHA-1 digest algorithm to compute certificate fingerprints.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

fingerprint-attribute
Description

Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA-1 representation of the certificate fingerprint.

Default Value

None

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation.

Default Value

org.opends.server.extensions.FingerprintCertificateMapper

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper

Multi-valued

No

Required

Yes

Admin Action Required

The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

user-base-dn
Description

Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry.

Default Value

The server performs the search in all public naming contexts.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No
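For the fingerprint-algorithm and fingerprint-attribute properties above, the value stored on the user entry has to equal the digest computed over the client certificate. The following is an added example, not part of the OpenDJ documentation or code: it computes that value from a PEM certificate and produces the LDIF that stores it. The colon-separated uppercase hex form and the attribute name ds-certificate-fingerprint are assumptions to confirm against your server, and the sample certificate bytes are constructed.

```python
import base64
import hashlib
import re

# Digest names this page lists as allowed values for fingerprint-algorithm.
ALLOWED = {"md5": hashlib.md5, "sha1": hashlib.sha1}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM string."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der, algorithm):
    """Digest the encoded certificate, colon-separated uppercase hex (assumed form)."""
    if algorithm not in ALLOWED:
        raise ValueError("fingerprint-algorithm must be md5 or sha1")
    digest = ALLOWED[algorithm](der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def ldif_for(user_dn, attribute, der, algorithm):
    """LDIF change that stores the fingerprint on the user entry."""
    value = fingerprint(der, algorithm)
    return (f"dn: {user_dn}\nchangetype: modify\n"
            f"add: {attribute}\n{attribute}: {value}\n")


# Constructed stand-in for a certificate: arbitrary bytes wrapped as PEM.
SAMPLE_DER = b"abc"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n"
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Hypothetical user DN; attribute name is an assumption, see lead-in.
    print(ldif_for("uid=bjensen,ou=People,dc=example,dc=com",
                   "ds-certificate-fingerprint",
                   pem_to_der(SAMPLE_PEM), "sha1"))
```

The digest is taken over the whole encoded certificate, so a renewed certificate has a different fingerprint even when its subject and key are unchanged, and the stored value has to be updated with it.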

Subject Attribute To User Attribute Certificate Mapper

Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties:

enabled
Description

Indicates whether the Certificate Mapper is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation.

Default Value

org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper

Multi-valued

No

Required

Yes

Admin Action Required

The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

subject-attribute-mapping
Description

Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr", where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. Multiple mappings may be defined. When performing the mapping, the values of all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

user-base-dn
Description

Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry.

Default Value

The server will perform the search in all public naming contexts.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No
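The subject-attribute-mapping rule above amounts to one equality test per mapped subject attribute, all of which must hold for the same user entry. The following is an added example, not OpenDJ's own code: it builds the equivalent LDAP search filter from a subject DN and a list of "certattr:userattr" values. The subject DN and mappings are constructed, and the DN parsing is simplified as noted in the comments.

```python
import re

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                  "\0": r"\00"}


def escape_filter_value(value):
    """Escape a subject value before placing it in a search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_mappings(values):
    """Turn 'certattr:userattr' property values into a dict keyed by certattr."""
    mappings = {}
    for value in values:
        certattr, sep, userattr = value.partition(":")
        if not sep or not certattr.strip() or not userattr.strip():
            raise ValueError(f"not in certattr:userattr form: {value!r}")
        mappings[certattr.strip().lower()] = userattr.strip()
    return mappings


def subject_avas(subject_dn):
    """Split a subject DN string into (attr, value) pairs.

    Simplified: handles backslash-escaped characters only, not hex-pair
    escapes or multi-valued (+) RDNs.
    """
    avas = []
    for rdn in re.split(r"(?<!\\),", subject_dn):
        attr, _, value = rdn.partition("=")
        avas.append((attr.strip().lower(),
                     re.sub(r"\\(.)", r"\1", value.strip())))
    return avas


def build_filter(subject_dn, mapping_values):
    """AND together one equality test per subject attribute that is mapped."""
    mappings = parse_mappings(mapping_values)
    parts = [f"({mappings[attr]}={escape_filter_value(value)})"
             for attr, value in subject_avas(subject_dn) if attr in mappings]
    if not parts:
        raise ValueError("subject has no attribute with a mapping defined")
    return parts[0] if len(parts) == 1 else "(&" + "".join(parts) + ")"
```

Subject attributes without a mapping, such as O in a subject of CN, E and O mapped with cn:cn and e:mail, add no condition, so how narrowly a certificate identifies an entry depends on the mapped attributes and on user-base-dn.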

Subject DN To User Attribute Certificate Mapper

Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties:

enabled
Description

Indicates whether the Certificate Mapper is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation.

Default Value

org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper

Multi-valued

No

Required

Yes

Admin Action Required

The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

subject-attribute
Description

Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN.

Default Value

None

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

user-base-dn
Description

Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry.

Default Value

The server will perform the search in all public naming contexts.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No