Directory Services 7.2.5

Exact Match Identity Mapper

The Exact Match Identity Mapper maps an identifier string to user entries by searching for the entry containing a specified attribute whose value is the provided identifier. For example, the username provided by the client for DIGEST-MD5 authentication must match the value of the uid attribute

Parent

The Exact Match Identity Mapper object inherits from Identity Mapper.

Exact Match Identity Mapper properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
match-attribute
match-base-dn

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Identity Mapper is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

match-attribute

Synopsis

Specifies the attribute whose value should exactly match the ID string provided to this identity mapper.

Description

At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values.

Default value

uid

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

match-base-dn

Synopsis

Specifies the set of base DNs below which to search for users.

Description

The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs.

Default value

The server searches below all public naming contexts local to the server.

Allowed values

A valid DN.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation.

Default value

org.opends.server.extensions.ExactMatchIdentityMapper

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.IdentityMapper

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.