Configuration Reference Home
OpenDJ - Fingerprint Certificate Mapper

Fingerprint Certificate Mapper

The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5 or SHA1 fingerprint in a specified attribute of user entries.

Parent Component

The Fingerprint Certificate Mapper component inherits from the Certificate Mapper

Properties

A description of each property follows.


Basic Properties: Advanced Properties:
↓ enabled ↓ java-class
↓ fingerprint-algorithm
↓ fingerprint-attribute
↓ user-base-dn

Basic Properties

enabled

Description
Indicates whether the Certificate Mapper is enabled.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

fingerprint-algorithm

Description
Specifies the name of the digest algorithm to compute the fingerprint of client certificates.
Default Value
None
Allowed Values
md5 - Use the MD5 digest algorithm to compute certificate fingerprints.

sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints.


Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

fingerprint-attribute

Description
Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint.
Default Value
None
Allowed Values
The name of an attribute type defined in the server schema.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

user-base-dn

Description
Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry.
Default Value
The server performs the search in all public naming contexts.
Allowed Values
A valid DN.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No


Advanced Properties

java-class

Description
Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation.
Default Value
org.opends.server.extensions.FingerprintCertificateMapper
Allowed Values
A java class that implements or extends the class(es) :
org.opends.server.api.CertificateMapper
Multi-valued
No
Required
Yes
Admin Action Required
The Fingerprint Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect
Advanced Property
Yes
Read-only
No