Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.
The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5, SHA-1, or SHA-2 fingerprint in a specified attribute of user entries.
↓Parent Component
↓Properties
↓dsconfig Usage
The Fingerprint Certificate Mapper component inherits from the Certificate Mapper
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ fingerprint-attribute | |
↓ fingerprint-algorithm | |
↓ user-base-dn |
Description | A description for this Certificate Mapper |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the Certificate Mapper is enabled. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5, SHA-1, or SHA-2 representation of the certificate fingerprint. |
Default Value | ds-certificate-fingerprint |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the name of the digest algorithm to compute the fingerprint of client certificates. |
Default Value | None |
Allowed Values | md5 - Use the MD5 digest algorithm to compute certificate fingerprints. sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints. sha256 - Use the 256-bit SHA-2 digest algorithm to compute certificate fingerprints. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. |
Default Value | The server performs the search in all public naming contexts. |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Certificate Mappers:
dsconfig list-certificate-mappers [--property {propertyName}] ...
To view the configuration for an existing Certificate Mapper:
dsconfig get-certificate-mapper-prop --mapper-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Certificate Mapper:
dsconfig set-certificate-mapper-prop --mapper-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Fingerprint Certificate Mapper:
dsconfig create-certificate-mapper --mapper-name {name} --type fingerprint --set enabled:{propertyValue} --set fingerprint-algorithm:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Certificate Mapper:
dsconfig delete-certificate-mapper --mapper-name {name}