Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Email OTP Delivery Mechanism may be used to deliver one-time passwords to users over e-mail, using an address stored in a specified attribute from the user's entry. Note that in order for this delivery mechanism to work properly, the global configuration must include at least one value for the smtp-server property to indicate which server(s) should be used to send the e-mail messages containing the one-time password values.
The Email OTP Delivery Mechanism component inherits from the OTP Delivery Mechanism.
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
email-address-attribute-type | |
email-address-json-field | |
email-address-json-object-filter | |
sender-address | |
message-subject | |
message-text-before-otp | |
message-text-after-otp | |
description
Description | A description for this OTP Delivery Mechanism |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether this OTP Delivery Mechanism is enabled for use in the server. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
email-address-attribute-type
Description | The name or OID of the attribute that holds the email address to which the message should be sent. If the specified attribute type has a JSON object syntax (for example, the ubidEmailJSON attribute), then the email-address-json-field property must be used to specify the name of the top-level field that holds the email address, and the email-address-json-object-filter property may optionally be used to provide a JSON object filter to determine which (if any) address should be used. If the attribute type does not have a JSON object syntax, then the attribute value is expected to be a valid email address. If the attribute has multiple values, the first value will be selected. |
Default Value | mail |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
email-address-json-field
Description | The name of the JSON field whose value is the email address to which the message should be sent. The email address must be contained in a top-level field whose value is a single string. If this is present, then the attribute type specified in the email-address-attribute-type property must have a JSON object syntax. Each value of the specified attribute type must contain information about a single email address, and if there are multiple values for that attribute then the first value that contains a value for the specified field (and that matches the filter specified in the email-address-json-object-filter property, if present) will be selected. If the ubidEmailJSON attribute type is to be used, then the field name should be "value". |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
email-address-json-object-filter
Description | A JSON object filter that may be used to identify which email address value to use when sending the message. If this is present, then the attribute type specified in the email-address-attribute-type property must have a JSON object syntax, and the email-address-json-field property must be used to specify which field contains the email address value. This property may be useful in cases in which the JSON object containing the email address also includes other information that might be useful in determining whether that address is suitable for use. For example, if the ubidEmailJSON attribute type is to be used, then it may be desirable to only consider sending messages to email addresses that are marked as verified. In that case, a filter of (ubidEmailJSON:jsonObjectFilterExtensibleMatch:={ "filterType":"equals", "field":"verified", "value":true }) may be used to match only verified email address values. If the target attribute type has multiple values that match the filter, then the first matching value will be used. See the "Managing JSON Attribute Values" section of the administration guide, or the Javadoc documentation for the com.unboundid.ldap.sdk.unboundidds.jsonfilter.JSONObjectFilter class, for more details on creating and using JSON object filters. |
Default Value | None |
Allowed Values | A valid LDAP search filter |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
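
The selection rules described for email-address-attribute-type, email-address-json-field and email-address-json-object-filter can be modelled offline to check which address an entry's one-time password would be sent to. The Python below is an added example, not code from the server or the LDAP SDK: the function names and sample values are constructed for illustration, and it handles only the "equals" filter type on a top-level field, with exact comparison.

```python
import json

# Constructed sample values for a JSON-syntax attribute such as ubidEmailJSON;
# only the "value" and "verified" fields named on this page are used.
SAMPLE_VALUES = [
    '{"value": "old.address@example.com", "verified": false}',
    '{"value": "jdoe@example.com", "verified": true}',
    '{"value": "jdoe.alt@example.com", "verified": true}',
]
VERIFIED_ONLY = {"filterType": "equals", "field": "verified", "value": True}


def equals_filter_matches(obj, flt):
    """Simplified check: only 'equals' on a top-level field, exact type and value."""
    if flt.get("filterType") != "equals":
        raise ValueError("this model only handles the 'equals' filter type")
    if flt["field"] not in obj:
        return False
    actual, expected = obj[flt["field"]], flt["value"]
    # JSON true must not match the number 1, so compare types as well as values.
    return type(actual) is type(expected) and actual == expected


def select_otp_address(values, json_field=None, object_filter=None):
    """Return the address the documented rules would pick, or None."""
    if json_field is None:
        # Non-JSON attribute (e.g. mail): the first value is used as-is.
        return values[0] if values else None
    for raw in values:
        obj = json.loads(raw)  # assumes each value is a valid JSON object
        address = obj.get(json_field)
        if not isinstance(address, str):
            continue  # field missing or not a single string
        if object_filter is not None and not equals_filter_matches(obj, object_filter):
            continue
        return address  # first qualifying value wins
    return None


if __name__ == "__main__":
    print(select_otp_address(SAMPLE_VALUES, "value"))
    print(select_otp_address(SAMPLE_VALUES, "value", VERIFIED_ONLY))
```

Running the same values with and without the filter shows why the verified filter matters: without it, the first value is chosen even though it is marked unverified.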
sender-address
Description | The e-mail address to use as the sender for the one-time password. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
message-subject
Description | The subject to use for the e-mail message. |
Default Value | Your one-time password |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
message-text-before-otp
Description | Any text that should appear in the message before the one-time password value. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
message-text-after-otp
Description | Any text that should appear in the message after the one-time password value. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured OTP Delivery Mechanisms:
dsconfig list-otp-delivery-mechanisms [--property {propertyName}] ...
To view the configuration for an existing OTP Delivery Mechanism:
dsconfig get-otp-delivery-mechanism-prop --mechanism-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing OTP Delivery Mechanism:
dsconfig set-otp-delivery-mechanism-prop --mechanism-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Email OTP Delivery Mechanism:
dsconfig create-otp-delivery-mechanism --mechanism-name {name} --type email --set enabled:{propertyValue} --set sender-address:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing OTP Delivery Mechanism:
dsconfig delete-otp-delivery-mechanism --mechanism-name {name}