Subject DN To User Attribute Certificate Mapper

The Subject DN To User Attribute Certificate Mapper maps client certificates to user entries by looking for the certificate subject DN in a specified attribute of user entries.

Parent

The Subject DN To User Attribute Certificate Mapper object inherits from Certificate Mapper.

Basic Properties

enabled

SynopsisIndicates whether the Certificate Mapper is enabled.
Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

issuer-attribute

SynopsisSpecifies the name or OID of the attribute whose value should exactly match the certificate issuer DN.
DescriptionCertificate issuer verification should be enabled whenever multiple CAs are trusted in order to prevent impersonation. In particular, it is possible for different CAs to issue certificates having the same subject DN.
Default Value

The certificate issuer DN will not be verified.

Allowed Values

The name of an attribute type defined in the LDAP schema.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

subject-attribute

SynopsisSpecifies the name or OID of the attribute whose value should exactly match the certificate subject DN.
Default Value

None

Allowed Values

The name of an attribute type defined in the LDAP schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

user-base-dn

SynopsisSpecifies the base DNs that should be used when performing searches to map the client certificate to a user entry.
Default Value

The server will perform the search in all public naming contexts.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

Advanced Properties

Use the --advanced option to access advanced properties.

java-class

SynopsisSpecifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation.
Default Value

org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper

Allowed Values

A Java class that extends or implements:

  • org.opends.server.api.CertificateMapper

Multi-valued

No

Required

Yes

Admin Action Required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-Only

No

Read a different version of :