Directory Proxy Server Documentation Index
Configuration Reference Home

Email OTP Delivery Mechanism

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Email OTP Delivery Mechanism may be used to deliver one-time passwords to users over e-mail, using an address stored in a specified attribute from the user's entry. Note that in order for this delivery mechanism to work properly, the global configuration must include at least one value for the smtp-server property to indicate which server(s) should be used to send the e-mail messages containing the one-time password values.

Parent Component
Properties
dsconfig Usage

Parent Component

The Email OTP Delivery Mechanism component inherits from the OTP Delivery Mechanism

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ email-address-attribute-type
↓ email-address-json-field
↓ email-address-json-object-filter
↓ sender-address
↓ message-subject
↓ message-text-before-otp
↓ message-text-after-otp

Basic Properties

description

Description
A description for this OTP Delivery Mechanism
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this OTP Delivery Mechanism is enabled for use in the server.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

email-address-attribute-type

Description
The name or OID of the attribute that holds the email address to which the message should be sent. If the specified attribute type has a JSON object syntax (for example, the ubidEmailJSON attribute), then the email-address-json-field property must be used to specify the name of the top-level field that holds the email address, and the email-address-json-object-filter property may optionally be used to provide a JSON object filter to determine which (if any) address should be used.
If the attribute type does not have a JSON object syntax, then the attribute value is expected to be a valid email address. If the attribute has multiple values, the first value will be selected.
Default Value
mail
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

email-address-json-field

Description
The name of the JSON field whose value is the email address to which the message should be sent. The email address must be contained in a top-level field whose value is a single string. If this is present, then the attribute type specified in the email-address-attribute-type property must have a JSON object syntax. Each value of the specified attribute type must contain information about a single email address, and if there are multiple values for that attribute then the first value that contains a value for the specified field (and that matches the filter specified in the email-address-json-object-filter property, if present) will be selected.
If the ubidEmailJSON attribute type is to be used, then the field name should be "value".
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

email-address-json-object-filter

Description
A JSON object filter that may be used to identify which email address value to use when sending the message. If this is present, then the attribute type specified in the email-address-attribute-type property must have a JSON object syntax, and the email-address-json-field property must be used to specify which field contains the email address value.
This property may be useful in cases in which the JSON object containing the email address also includes other information that might be useful in determining whether that address is suitable for use. For example, if the ubidEmailJSON attribute type is to be used, then it may be desirable to only consider sending messages to email addresses that are marked as verified. In that case, a filter of
(ubidEmailJSON:jsonObjectFilterExtensibleMatch:={ "filterType":"equals", "field":"verified", "value":true })

may be used to match only verified email address values.
If the target attribute type has multiple values that match the filter, then the first matching value will be used.
See the "Managing JSON Attribute Values" section of the administration guide, or the Javadoc documentation for the com.unboundid.ldap.sdk.unboundidds.jsonfilter.JSONObjectFilter class, for more details on creating and using JSON object filters.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

sender-address

Description
The e-mail address to use as the sender for the one-time password.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

message-subject

Description
The subject to use for the e-mail message.
Default Value
Your one-time password
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

message-text-before-otp

Description
Any text that should appear in the message before the one-time password value.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

message-text-after-otp

Description
Any text that should appear in the message after the one-time password value.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured OTP Delivery Mechanisms:

dsconfig list-otp-delivery-mechanisms
     [--property {propertyName}] ...

To view the configuration for an existing OTP Delivery Mechanism:

dsconfig get-otp-delivery-mechanism-prop
     --mechanism-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing OTP Delivery Mechanism:

dsconfig set-otp-delivery-mechanism-prop
     --mechanism-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Email OTP Delivery Mechanism:

dsconfig create-otp-delivery-mechanism
     --mechanism-name {name}
     --type email
     --set enabled:{propertyValue}
     --set sender-address:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing OTP Delivery Mechanism:

dsconfig delete-otp-delivery-mechanism
     --mechanism-name {name}