Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Exact Match Identity Mapper maps an identifier string to user entries by searching for the entry containing a specified attribute whose value is the provided identifier. For example, the username provided by the client for DIGEST-MD5 authentication must match the value of the uid attribute
↓Parent Component
↓Properties
↓dsconfig Usage
The Exact Match Identity Mapper component inherits from the Identity Mapper
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ match-attribute | |
| ↓ match-base-dn | |
| ↓ match-filter |
| Description | A description for this Identity Mapper |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Identity Mapper is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the Data Sync Server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. |
| Default Value | uid |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. |
| Default Value | The server searches below all public naming contexts. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | An optional filter that mapped users must match. If a filter is provided, then it will be ANDed with the filter component generated by this Exact Match Identity Mapper. If no filter is provided, then only the filter generated by this Exact Match Identity Mapper will be used. |
| Default Value | None |
| Allowed Values | A valid LDAP search filter |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Identity Mappers:
dsconfig list-identity-mappers
[--property {propertyName}] ...
To view the configuration for an existing Identity Mapper:
dsconfig get-identity-mapper-prop
--mapper-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Identity Mapper:
dsconfig set-identity-mapper-prop
--mapper-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Exact Match Identity Mapper:
dsconfig create-identity-mapper
--mapper-name {name}
--type exact-match
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Identity Mapper:
dsconfig delete-identity-mapper
--mapper-name {name}