Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The UnboundID External Auth SASL Mechanism Handler may be used to indicate that a user has attempted authentication using some mechanism that is external to the Directory Server (e.g., via a social login mechanism like Facebook, Google, Twitter, etc.).
The use of this mechanism will not change the authentication state of the underlying connection, but allows the Directory Server to verify that the user's account is in a usable state and reject the authentication attempt if it is not for some reason (e.g., the account has been locked or disabled, or if the user's password has expired). It can also update the user's password policy state to reflect the authentication attempt (e.g., to update the last login time and last login IP address if the attempt was successful, or to update the record of failures if it was not successful).
The UnboundID External Auth SASL Mechanism Handler component inherits from the SASL Mechanism Handler
The following components have a direct aggregation relation from UnboundID External Auth SASL Mechanism Handlers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| identity-mapper |
| Description | A description for this SASL Mechanism Handler |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the SASL mechanism handler is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The identity mapper that should be used to identify the user targeted by the authentication ID contained in the bind request. This will only be used for "u:"-style authentication ID values. |
| Default Value | None |
| Allowed Values | The DN of any Identity Mapper. If this UnboundID External Auth SASL Mechanism Handler is enabled, then the associated identity mapper must also be enabled. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured SASL Mechanism Handlers:
dsconfig list-sasl-mechanism-handlers
[--property {propertyName}] ...
To view the configuration for an existing SASL Mechanism Handler:
dsconfig get-sasl-mechanism-handler-prop
--handler-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SASL Mechanism Handler:
dsconfig set-sasl-mechanism-handler-prop
--handler-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...