External SASL Mechanism Handler

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The External SASL Mechanism Handler performs all processing related to SASL EXTERNAL authentication.

Parent Component Relations from This Component Properties dsconfig Usage

Parent Component

The External SASL Mechanism Handler component inherits from the SASL Mechanism Handler

Relations from This Component

The following components have a direct aggregation relation from External SASL Mechanism Handlers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 certificate-validation-policy
 certificate-attribute
 certificate-mapper

Basic Properties

description

Description
A description for this SASL Mechanism Handler
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the SASL mechanism handler is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

certificate-validation-policy

Description
Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry.
Default Value
None
Allowed Values
always - Always require the peer certificate to be present in the user's entry.

ifpresent - If the user's entry contains one or more certificates, require that one of them match the peer certificate.

never - Do not look for the peer certificate to be present in the user's entry.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

certificate-attribute

Description
Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema.
Default Value
userCertificate
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

certificate-mapper

Description
Specifies the name of the certificate mapper that should be used to match client certificates to user entries.
Default Value
None
Allowed Values
The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured SASL Mechanism Handlers:

dsconfig list-sasl-mechanism-handlers
     [--property {propertyName}] ...

To view the configuration for an existing SASL Mechanism Handler:

dsconfig get-sasl-mechanism-handler-prop
     --handler-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing SASL Mechanism Handler:

dsconfig set-sasl-mechanism-handler-prop
     --handler-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...