Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The External SASL Mechanism Handler performs all processing related to SASL EXTERNAL authentication.
↓Parent Component
↓Relations To this Component
↓Properties
↓dsconfig Usage
The External SASL Mechanism Handler component inherits from the SASL Mechanism Handler
The following components have a direct aggregation relation from External SASL Mechanism Handlers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ certificate-validation-policy | |
| ↓ certificate-attribute | |
| ↓ certificate-mapper |
| Description | A description for this SASL Mechanism Handler |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the SASL mechanism handler is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. |
| Default Value | None |
| Allowed Values | always - Always require the peer certificate to be present in the user's entry. ifpresent - If the user's entry contains one or more certificates, require that one of them match the peer certificate. never - Do not look for the peer certificate to be present in the user's entry. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. |
| Default Value | userCertificate |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the name of the certificate mapper that should be used to match client certificates to user entries. |
| Default Value | None |
| Allowed Values | The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured SASL Mechanism Handlers:
dsconfig list-sasl-mechanism-handlers
[--property {propertyName}] ...
To view the configuration for an existing SASL Mechanism Handler:
dsconfig get-sasl-mechanism-handler-prop
--handler-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SASL Mechanism Handler:
dsconfig set-sasl-mechanism-handler-prop
--handler-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new External SASL Mechanism Handler:
dsconfig create-sasl-mechanism-handler
--handler-name {name}
--type external
--set enabled:{propertyValue}
--set certificate-validation-policy:{propertyValue}
--set certificate-mapper:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing SASL Mechanism Handler:
dsconfig delete-sasl-mechanism-handler
--handler-name {name}