Exact Match Identity Mapper

The Exact Match Identity Mapper maps an identifier string to user entries by searching for the entry containing a specified attribute whose value is the provided identifier. For example, the username provided by the client for DIGEST-MD5 authentication must match the value of the uid attribute

Parent Component Properties dsconfig Usage

Parent Component

The Exact Match Identity Mapper component inherits from the Identity Mapper

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 match-attribute
 match-base-dn
 match-filter

Basic Properties

description

Description
A description for this Identity Mapper
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Identity Mapper is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

match-attribute

Description
Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the Directory Server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values.
Default Value
uid
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

match-base-dn

Description
Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs.
Default Value
The server searches below all public naming contexts.
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

match-filter

Description
An optional filter that mapped users must match. If a filter is provided, then it will be ANDed with the filter component generated by this Exact Match Identity Mapper. If no filter is provided, then only the filter generated by this Exact Match Identity Mapper will be used.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Identity Mappers:

dsconfig list-identity-mappers
     [--property {propertyName}] ...

To view the configuration for an existing Identity Mapper:

dsconfig get-identity-mapper-prop
     --mapper-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Identity Mapper:

dsconfig set-identity-mapper-prop
     --mapper-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Exact Match Identity Mapper:

dsconfig create-identity-mapper
     --mapper-name {name}
     --type exact-match
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Identity Mapper:

dsconfig delete-identity-mapper
     --mapper-name {name}