Directory Services 7.3.5

Identity Mapper

This is an abstract object type that cannot be instantiated.

Identity Mappers are responsible for establishing a mapping between an identifier string provided by a client, and the entry for the user that corresponds to that identifier. Identity Mappers are used to process several SASL mechanisms to map an authorization ID (e.g., a Kerberos principal when using GSSAPI) to a directory user. They are also used when processing requests with the proxied authorization control.

Identity Mappers

The following Identity Mappers are available:

These Identity Mappers inherit the properties described below.

Identity Mapper properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties

enabled
java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Identity Mapper is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the Identity Mapper implementation.

Default value

None

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.IdentityMapper

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No