Name

dsconfig get-sasl-mechanism-handler-prop — Shows SASL Mechanism Handler properties

Synopsis

dsconfig get-sasl-mechanism-handler-prop {options}

Options

The dsconfig get-sasl-mechanism-handler-prop command takes the following options:

--handler-name {name}

The name of the SASL Mechanism Handler.

SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following SASL Mechanism Handler types:

anonymous-sasl-mechanism-handler

Default {name}: Anonymous SASL Mechanism Handler

Enabled by default: true

See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

cram-md5-sasl-mechanism-handler

Default {name}: Cram MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

digest-md5-sasl-mechanism-handler

Default {name}: Digest MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

external-sasl-mechanism-handler

Default {name}: External SASL Mechanism Handler

Enabled by default: true

See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

gssapi-sasl-mechanism-handler

Default {name}: GSSAPI SASL Mechanism Handler

Enabled by default: true

See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

plain-sasl-mechanism-handler

Default {name}: Plain SASL Mechanism Handler

Enabled by default: true

See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

--property {property}

The name of a property to be displayed.

SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {property} you provide.

By default, OpenDJ directory server supports the following SASL Mechanism Handler types:

anonymous-sasl-mechanism-handler

Default {property}: Anonymous SASL Mechanism Handler

Enabled by default: true

See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

cram-md5-sasl-mechanism-handler

Default {property}: Cram MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

digest-md5-sasl-mechanism-handler

Default {property}: Digest MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

external-sasl-mechanism-handler

Default {property}: External SASL Mechanism Handler

Enabled by default: true

See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

gssapi-sasl-mechanism-handler

Default {property}: GSSAPI SASL Mechanism Handler

Enabled by default: true

See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

plain-sasl-mechanism-handler

Default {property}: Plain SASL Mechanism Handler

Enabled by default: true

See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

-E | --record

Modifies the display output to show one property value per line.

SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the null you provide.

By default, OpenDJ directory server supports the following SASL Mechanism Handler types:

anonymous-sasl-mechanism-handler

Default null: Anonymous SASL Mechanism Handler

Enabled by default: true

See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

cram-md5-sasl-mechanism-handler

Default null: Cram MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

digest-md5-sasl-mechanism-handler

Default null: Digest MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

external-sasl-mechanism-handler

Default null: External SASL Mechanism Handler

Enabled by default: true

See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

gssapi-sasl-mechanism-handler

Default null: GSSAPI SASL Mechanism Handler

Enabled by default: true

See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

plain-sasl-mechanism-handler

Default null: Plain SASL Mechanism Handler

Enabled by default: true

See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

-z | --unit-size {unit}

Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide.

By default, OpenDJ directory server supports the following SASL Mechanism Handler types:

anonymous-sasl-mechanism-handler

Default {unit}: Anonymous SASL Mechanism Handler

Enabled by default: true

See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

cram-md5-sasl-mechanism-handler

Default {unit}: Cram MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

digest-md5-sasl-mechanism-handler

Default {unit}: Digest MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

external-sasl-mechanism-handler

Default {unit}: External SASL Mechanism Handler

Enabled by default: true

See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

gssapi-sasl-mechanism-handler

Default {unit}: GSSAPI SASL Mechanism Handler

Enabled by default: true

See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

plain-sasl-mechanism-handler

Default {unit}: Plain SASL Mechanism Handler

Enabled by default: true

See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

-m | --unit-time {unit}

Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide.

By default, OpenDJ directory server supports the following SASL Mechanism Handler types:

anonymous-sasl-mechanism-handler

Default {unit}: Anonymous SASL Mechanism Handler

Enabled by default: true

See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

cram-md5-sasl-mechanism-handler

Default {unit}: Cram MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

digest-md5-sasl-mechanism-handler

Default {unit}: Digest MD5 SASL Mechanism Handler

Enabled by default: true

See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

external-sasl-mechanism-handler

Default {unit}: External SASL Mechanism Handler

Enabled by default: true

See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

gssapi-sasl-mechanism-handler

Default {unit}: GSSAPI SASL Mechanism Handler

Enabled by default: true

See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

plain-sasl-mechanism-handler

Default {unit}: Plain SASL Mechanism Handler

Enabled by default: true

See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.

Digest MD5 SASL Mechanism Handler

SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties:

enabled
Description

Indicates whether the SASL mechanism handler is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

Default Value

org.opends.server.extensions.DigestMD5SASLMechanismHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler

Multi-valued

No

Required

Yes

Admin Action Required

The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

quality-of-protection
Description

The name of a property that specifies the quality of protection the server will support.

Default Value

none

Allowed Values
confidentiality

Quality of protection equals authentication with integrity and confidentiality protection.

integrity

Quality of protection equals authentication with integrity protection.

none

QOP equals authentication only.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

realm
Description

Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine.

Default Value

If this value is not provided, then the server defaults to use the fully qualified hostname of the machine.

Allowed Values

Any realm string that does not contain a comma.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

server-fqdn
Description

Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value.

Default Value

The server attempts to determine the fully-qualified domain name dynamically.

Allowed Values

The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

External SASL Mechanism Handler

SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties:

certificate-attribute
Description

Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema.

Default Value

userCertificate

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

certificate-mapper
Description

Specifies the name of the certificate mapper that should be used to match client certificates to user entries.

Default Value

None

Allowed Values

The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

certificate-validation-policy
Description

Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry.

Default Value

None

Allowed Values
always

Always require the peer certificate to be present in the user's entry.

ifpresent

If the user's entry contains one or more certificates, require that one of them match the peer certificate.

never

Do not look for the peer certificate to be present in the user's entry.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the SASL mechanism handler is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

Default Value

org.opends.server.extensions.ExternalSASLMechanismHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler

Multi-valued

No

Required

Yes

Admin Action Required

The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

GSSAPI SASL Mechanism Handler

SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties:

enabled
Description

Indicates whether the SASL mechanism handler is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

identity-mapper
Description

Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory.

Default Value

None

Allowed Values

The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

Default Value

org.opends.server.extensions.GSSAPISASLMechanismHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler

Multi-valued

No

Required

Yes

Admin Action Required

The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

kdc-address
Description

Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration.

Default Value

The server attempts to determine the KDC address from the underlying system configuration.

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

keytab
Description

Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root.

Default Value

The server attempts to use the system-wide default keytab.

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

principal-name
Description

Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/".

Default Value

The server attempts to determine the principal name from the underlying system configuration.

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

quality-of-protection
Description

The name of a property that specifies the quality of protection the server will support.

Default Value

none

Allowed Values
confidentiality

Quality of protection equals authentication with integrity and confidentiality protection.

integrity

Quality of protection equals authentication with integrity protection.

none

QOP equals authentication only.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

realm
Description

Specifies the realm to be used for GSSAPI authentication.

Default Value

The server attempts to determine the realm from the underlying system configuration.

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

server-fqdn
Description

Specifies the DNS-resolvable fully-qualified domain name for the system.

Default Value

The server attempts to determine the fully-qualified domain name dynamically .

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No