Fingerprint Certificate Mapper

The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5, SHA-1, or SHA-2 fingerprint in a specified attribute of user entries.

Parent Component Properties dsconfig Usage

Parent Component

The Fingerprint Certificate Mapper component inherits from the Certificate Mapper

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 fingerprint-attribute
 fingerprint-algorithm
 user-base-dn

Basic Properties

description

Description
A description for this Certificate Mapper
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Certificate Mapper is enabled.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

fingerprint-attribute

Description
Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5, SHA-1, or SHA-2 representation of the certificate fingerprint.
Default Value
ds-certificate-fingerprint
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

fingerprint-algorithm

Description
Specifies the name of the digest algorithm to compute the fingerprint of client certificates.
Default Value
None
Allowed Values
md5 - Use the MD5 digest algorithm to compute certificate fingerprints.

sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints.

sha256 - Use the 256-bit SHA-2 digest algorithm to compute certificate fingerprints.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

user-base-dn

Description
Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry.
Default Value
The server performs the search in all public naming contexts.
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Certificate Mappers:

dsconfig list-certificate-mappers
     [--property {propertyName}] ...

To view the configuration for an existing Certificate Mapper:

dsconfig get-certificate-mapper-prop
     --mapper-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Certificate Mapper:

dsconfig set-certificate-mapper-prop
     --mapper-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Fingerprint Certificate Mapper:

dsconfig create-certificate-mapper
     --mapper-name {name}
     --type fingerprint
     --set enabled:{propertyValue}
     --set fingerprint-algorithm:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Certificate Mapper:

dsconfig delete-certificate-mapper
     --mapper-name {name}