Directory Services 7.4.2

Certificate Mapper

This is an abstract object type that cannot be instantiated.

Certificate Mappers are responsible for establishing a mapping between a client certificate and the entry for the user that corresponds to that certificate.

Certificate Mappers

The following Certificate Mappers are available:

These Certificate Mappers inherit the properties described below.

Dependencies

The following objects depend on Certificate Mappers:

Certificate Mapper properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties

enabled
issuer-attribute
java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Certificate Mapper is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

issuer-attribute

Synopsis

Specifies the name or OID of the attribute whose value should exactly match the certificate issuer DN.

Description

Certificate issuer verification should be enabled whenever multiple CAs are trusted in order to prevent impersonation. In particular, it is possible for different CAs to issue certificates having the same subject DN.

Default value

The certificate issuer DN will not be verified.

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the Certificate Mapper implementation.

Default value

None

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.CertificateMapper

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No