External SASL Mechanism Handler
The External SASL Mechanism Handler performs all processing related to SASL EXTERNAL authentication.
Parent
The External SASL Mechanism Handler object inherits from SASL Mechanism Handler.
External SASL Mechanism Handler properties
You can use configuration expressions to set property values at startup time. For details, see Property value substitution.
Basic Properties | Advanced Properties |
---|---|
certificate-attribute |
certificate-attribute
Synopsis | Specifies the name of the attribute to hold user certificates. |
Description | This property must specify the name of a valid attribute type defined in the server schema. |
Default value | userCertificate |
Allowed values | The name of an attribute type defined in the LDAP schema. |
Multi-valued | No |
Required | No |
Admin action required | None |
Advanced | No |
Read-only | No |
certificate-mapper
Synopsis | Specifies the name(s) of the certificate mapper(s) that should be used to match client certificates to user entries. |
Default value | None |
Allowed values | The name of an existing certificate-mapper. The referenced certificate mapper(s) must be enabled when the External SASL Mechanism Handler is enabled. |
Multi-valued | Yes |
Required | Yes |
Admin action required | None |
Advanced | No |
Read-only | No |
certificate-validation-policy
Synopsis | Indicates whether to attempt to validate the peer certificate against a certificate held in the user’s entry. |
Default value | None |
Allowed values | |
Multi-valued | No |
Required | Yes |
Admin action required | None |
Advanced | No |
Read-only | No |
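The following added example, which is not code from the server or from this documentation, models in Python how certificate-mapper, certificate-attribute and certificate-validation-policy combine when a SASL EXTERNAL bind is processed. It assumes the policy values always, ifpresent and never (the allowed values cell above is empty on this page), a byte-for-byte comparison against the stored values, and that the TLS layer has already accepted the certificate chain; the function names and sample entries are hypothetical.

```python
# Added illustration: a model of the decision, not the server's Java code.
from enum import Enum


class Policy(Enum):
    # Assumed policy values; the page's allowed-values cell is empty.
    ALWAYS = "always"        # entry must hold the peer certificate
    IFPRESENT = "ifpresent"  # compare only if the entry holds certificates
    NEVER = "never"          # rely on the certificate mapper alone


def stored_certs(entry, attr="userCertificate"):
    """Collect values of attr, ignoring case and options such as ';binary'."""
    values = []
    for name, vals in entry.items():
        if name.split(";", 1)[0].lower() == attr.lower():
            values.extend(vals)
    return values


def external_bind(peer_der, entry, policy, attr="userCertificate"):
    """Return (accepted, reason) for one SASL EXTERNAL bind attempt."""
    if peer_der is None:
        return False, "client presented no certificate"
    if entry is None:  # no certificate mapper matched a user entry
        return False, "certificate mapper found no user entry"
    if policy is Policy.NEVER:
        return True, "mapped; entry certificates not checked"
    certs = stored_certs(entry, attr)
    if not certs:
        if policy is Policy.ALWAYS:
            return False, "entry holds no certificate"
        return True, "mapped; entry holds no certificate to compare"
    if peer_der in certs:
        return True, "peer certificate matches entry"
    return False, "peer certificate not in entry"


# Constructed sample data: short byte strings stand in for DER certificates.
ALICE_CERT = b"\x30\x82constructed-alice"
OTHER_CERT = b"\x30\x82constructed-other"
ALICE = {"uid": [b"alice"], "userCertificate;binary": [ALICE_CERT]}
BOB = {"uid": [b"bob"]}  # no certificate stored in the entry

if __name__ == "__main__":
    for policy in Policy:
        for label, entry in (("alice", ALICE), ("bob", BOB)):
            print(policy.value, label, external_bind(OTHER_CERT, entry, policy))
```

In this model only the strictest policy ties a bind to a certificate stored in the entry; under the other two, the outcome for an entry without stored certificates depends entirely on the certificate mapper and the TLS trust configuration.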
Advanced properties
Use the --advanced option to access advanced properties.
java-class
Synopsis | Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. |
Default value | org.opends.server.extensions.ExternalSASLMechanismHandler |
Allowed values | A Java class that extends or implements: |
Multi-valued | No |
Required | Yes |
Admin action required | The object must be disabled and re-enabled for changes to take effect. |
Advanced | Yes |
Read-only | No |