The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5, SHA-1, or SHA-2 fingerprint in a specified attribute of user entries.
The Fingerprint Certificate Mapper component inherits from the Certificate Mapper
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| fingerprint-attribute | |
| fingerprint-algorithm | |
| user-base-dn |
| Description | A description for this Certificate Mapper |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Certificate Mapper is enabled. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5, SHA-1, or SHA-2 representation of the certificate fingerprint. |
| Default Value | ds-certificate-fingerprint |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the name of the digest algorithm to compute the fingerprint of client certificates. |
| Default Value | None |
| Allowed Values | md5 - Use the MD5 digest algorithm to compute certificate fingerprints. sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints. sha256 - Use the 256-bit SHA-2 digest algorithm to compute certificate fingerprints. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. |
| Default Value | The server performs the search in all public naming contexts. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Certificate Mappers:
dsconfig list-certificate-mappers
[--property {propertyName}] ...
To view the configuration for an existing Certificate Mapper:
dsconfig get-certificate-mapper-prop
--mapper-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Certificate Mapper:
dsconfig set-certificate-mapper-prop
--mapper-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Fingerprint Certificate Mapper:
dsconfig create-certificate-mapper
--mapper-name {name}
--type fingerprint
--set enabled:{propertyValue}
--set fingerprint-algorithm:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Certificate Mapper:
dsconfig delete-certificate-mapper
--mapper-name {name}