Subject Equals DN Certificate Mapper
The Subject Equals DN Certificate Mapper maps client certificates to user entries based on the assumption that the certificate subject is the same as the DN of the target user entry.
Parent
The Subject Equals DN Certificate Mapper object inherits from Certificate Mapper.
Subject Equals DN Certificate Mapper Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
Basic Properties | Advanced Properties |
---|---|
enabled
Synopsis |
Indicates whether the Certificate Mapper is enabled. |
Default Value |
None |
Allowed Values |
true false |
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
None |
Advanced |
No |
Read-Only |
No |
issuer-attribute
Synopsis |
Specifies the name or OID of the attribute whose value should exactly match the certificate issuer DN. |
Description |
Certificate issuer verification should be enabled whenever multiple CAs are trusted in order to prevent impersonation. In particular, it is possible for different CAs to issue certificates having the same subject DN. |
Default Value |
The certificate issuer DN will not be verified. |
Allowed Values |
The name of an attribute type defined in the LDAP schema. |
Multi-valued |
No |
Required |
No |
Admin Action Required |
None |
Advanced |
No |
Read-Only |
No |
Advanced Properties
Use the --advanced
option to access advanced properties.
java-class
Synopsis |
Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. |
Default Value |
org.opends.server.extensions.SubjectEqualsDNCertificateMapper |
Allowed Values |
A Java class that extends or implements:
|
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
Yes |
Read-Only |
No |