UnboundID External Auth SASL Mechanism Handler

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The UnboundID External Auth SASL Mechanism Handler may be used to indicate that a user has attempted authentication using some mechanism that is external to the Directory Server (e.g., via a social login mechanism like Facebook, Google, Twitter, etc.).

The use of this mechanism will not change the authentication state of the underlying connection, but allows the Directory Server to verify that the user's account is in a usable state and reject the authentication attempt if it is not for some reason (e.g., the account has been locked or disabled, or if the user's password has expired). It can also update the user's password policy state to reflect the authentication attempt (e.g., to update the last login time and last login IP address if the attempt was successful, or to update the record of failures if it was not successful).

Parent Component Relations from This Component Properties dsconfig Usage

Parent Component

The UnboundID External Auth SASL Mechanism Handler component inherits from the SASL Mechanism Handler

Relations from This Component

The following components have a direct aggregation relation from UnboundID External Auth SASL Mechanism Handlers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 identity-mapper

Basic Properties

description

Description
A description for this SASL Mechanism Handler
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the SASL mechanism handler is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

identity-mapper

Description
The identity mapper that should be used to identify the user targeted by the authentication ID contained in the bind request. This will only be used for "u:"-style authentication ID values.
Default Value
None
Allowed Values
The DN of any Identity Mapper. If this UnboundID External Auth SASL Mechanism Handler is enabled, then the associated identity mapper must also be enabled.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured SASL Mechanism Handlers:

dsconfig list-sasl-mechanism-handlers
     [--property {propertyName}] ...

To view the configuration for an existing SASL Mechanism Handler:

dsconfig get-sasl-mechanism-handler-prop
     --handler-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing SASL Mechanism Handler:

dsconfig set-sasl-mechanism-handler-prop
     --handler-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...