UnboundID Metrics Engine - Fingerprint Certificate Mapper

Metrics Engine Documentation Index
Configuration Reference Home

Fingerprint Certificate Mapper

Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.

The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5 or SHA1 fingerprint in a specified attribute of user entries.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Fingerprint Certificate Mapper component inherits from the Certificate Mapper

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ fingerprint-attribute
↓ fingerprint-algorithm
↓ user-base-dn

Basic Properties

description

Description	A description for this Certificate Mapper
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether the Certificate Mapper is enabled.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

fingerprint-attribute

Description	Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint.
Default Value	ds-certificate-fingerprint
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

fingerprint-algorithm

Description	Specifies the name of the digest algorithm to compute the fingerprint of client certificates.
Default Value	None
Allowed Values	md5 - Use the MD5 digest algorithm to compute certificate fingerprints. sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

user-base-dn

Description	Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry.
Default Value	The server performs the search in all public naming contexts.
Allowed Values	A valid DN.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Certificate Mappers:

dsconfig list-certificate-mappers
     [--property {propertyName}] ...

To view the configuration for an existing Certificate Mapper:

dsconfig get-certificate-mapper-prop
     --mapper-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Certificate Mapper:

dsconfig set-certificate-mapper-prop
     --mapper-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Fingerprint Certificate Mapper:

dsconfig create-certificate-mapper
     --mapper-name {name}
     --type fingerprint
     --set enabled:{propertyValue}
     --set fingerprint-algorithm:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Certificate Mapper:

dsconfig delete-certificate-mapper
     --mapper-name {name}