dsconfig get-sasl-mechanism-handler-prop — Shows SASL Mechanism Handler properties
dsconfig get-sasl-mechanism-handler-prop
{options}
The dsconfig get-sasl-mechanism-handler-prop command takes the following options:
--handler-name {name}
The name of the SASL Mechanism Handler.
SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following SASL Mechanism Handler types:
Default {name}: Anonymous SASL Mechanism Handler
Enabled by default: true
See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {name}: Cram MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {name}: Digest MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {name}: External SASL Mechanism Handler
Enabled by default: true
See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {name}: GSSAPI SASL Mechanism Handler
Enabled by default: true
See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {name}: Plain SASL Mechanism Handler
Enabled by default: true
See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
--property {property}
The name of a property to be displayed.
SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {property} you provide.
By default, OpenDJ directory server supports the following SASL Mechanism Handler types:
Default {property}: Anonymous SASL Mechanism Handler
Enabled by default: true
See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {property}: Cram MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {property}: Digest MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {property}: External SASL Mechanism Handler
Enabled by default: true
See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {property}: GSSAPI SASL Mechanism Handler
Enabled by default: true
See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {property}: Plain SASL Mechanism Handler
Enabled by default: true
See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
-E | --record
Modifies the display output to show one property value per line.
SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the null you provide.
By default, OpenDJ directory server supports the following SASL Mechanism Handler types:
Default null: Anonymous SASL Mechanism Handler
Enabled by default: true
See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default null: Cram MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default null: Digest MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default null: External SASL Mechanism Handler
Enabled by default: true
See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default null: GSSAPI SASL Mechanism Handler
Enabled by default: true
See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default null: Plain SASL Mechanism Handler
Enabled by default: true
See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
-z | --unit-size {unit}
Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).
SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide.
By default, OpenDJ directory server supports the following SASL Mechanism Handler types:
Default {unit}: Anonymous SASL Mechanism Handler
Enabled by default: true
See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Cram MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Digest MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: External SASL Mechanism Handler
Enabled by default: true
See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: GSSAPI SASL Mechanism Handler
Enabled by default: true
See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Plain SASL Mechanism Handler
Enabled by default: true
See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
-m | --unit-time {unit}
Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).
SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide.
By default, OpenDJ directory server supports the following SASL Mechanism Handler types:
Default {unit}: Anonymous SASL Mechanism Handler
Enabled by default: true
See the section called “Anonymous SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Cram MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Cram MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Digest MD5 SASL Mechanism Handler
Enabled by default: true
See the section called “Digest MD5 SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: External SASL Mechanism Handler
Enabled by default: true
See the section called “External SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: GSSAPI SASL Mechanism Handler
Enabled by default: true
See the section called “GSSAPI SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
Default {unit}: Plain SASL Mechanism Handler
Enabled by default: true
See the section called “Plain SASL Mechanism Handler” for the properties of this SASL Mechanism Handler type.
SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties:
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.AnonymousSASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties:
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.CRAMMD5SASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties:
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.DigestMD5SASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
The name of a property that specifies the quality of protection the server will support.
none
Quality of protection equals authentication with integrity and confidentiality protection.
Quality of protection equals authentication with integrity protection.
QOP equals authentication only.
No
No
None
No
No
Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine.
If this value is not provided, then the server defaults to use the fully qualified hostname of the machine.
Any realm string that does not contain a comma.
No
No
None
No
No
Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value.
The server attempts to determine the fully-qualified domain name dynamically.
The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5.
No
No
None
No
No
SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties:
Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema.
userCertificate
The name of an attribute type defined in the server schema.
No
No
None
No
No
Specifies the name of the certificate mapper that should be used to match client certificates to user entries.
None
The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled.
No
Yes
None
No
No
Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry.
None
Always require the peer certificate to be present in the user's entry.
If the user's entry contains one or more certificates, require that one of them match the peer certificate.
Do not look for the peer certificate to be present in the user's entry.
No
Yes
None
No
No
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.ExternalSASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties:
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.GSSAPISASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration.
The server attempts to determine the KDC address from the underlying system configuration.
A String
No
No
None
No
No
Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root.
The server attempts to use the system-wide default keytab.
A String
No
No
None
No
No
Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/".
The server attempts to determine the principal name from the underlying system configuration.
A String
No
No
None
No
No
The name of a property that specifies the quality of protection the server will support.
none
Quality of protection equals authentication with integrity and confidentiality protection.
Quality of protection equals authentication with integrity protection.
QOP equals authentication only.
No
No
None
No
No
Specifies the realm to be used for GSSAPI authentication.
The server attempts to determine the realm from the underlying system configuration.
A String
No
No
None
No
No
Specifies the DNS-resolvable fully-qualified domain name for the system.
The server attempts to determine the fully-qualified domain name dynamically .
A String
No
No
None
No
No
SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties:
Indicates whether the SASL mechanism handler is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory.
None
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled.
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.
org.opends.server.extensions.PlainSASLMechanismHandler
A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler
No
Yes
The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No