Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.
The External SASL Mechanism Handler performs all processing related to SASL EXTERNAL authentication.
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The External SASL Mechanism Handler component inherits from the SASL Mechanism Handler
The following components have a direct aggregation relation from External SASL Mechanism Handlers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ certificate-validation-policy | |
| ↓ certificate-attribute | |
| ↓ certificate-mapper |
| Description | A description for this SASL Mechanism Handler |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the SASL mechanism handler is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. |
| Default Value | None |
| Allowed Values | always - Always require the peer certificate to be present in the user's entry. ifpresent - If the user's entry contains one or more certificates, require that one of them match the peer certificate. never - Do not look for the peer certificate to be present in the user's entry. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. |
| Default Value | userCertificate |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the name of the certificate mapper that should be used to match client certificates to user entries. |
| Default Value | None |
| Allowed Values | The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured SASL Mechanism Handlers:
dsconfig list-sasl-mechanism-handlers
[--property {propertyName}] ...
To view the configuration for an existing SASL Mechanism Handler:
dsconfig get-sasl-mechanism-handler-prop
--handler-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SASL Mechanism Handler:
dsconfig set-sasl-mechanism-handler-prop
--handler-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...