# Create an identity mapper that expects the token subject to be a uid
dsconfig create-identity-mapper \
	--mapper-name "User ID Identity Mapper" \
	--type exact-match \
	--set enabled:true \
	--set match-attribute:uid \
	--set match-base-dn:ou=people,dc=example,dc=com			
	
# Add the public signing certificate to the server configuration
dsconfig create-trusted-certificate \
	--certificate-name "JWT Signing Certificate" \
	--set "certificate</path/to/signing-certificate.pem"
					
# Create the Access Token Validator 
dsconfig create-access-token-validator \
	--validator-name "JWT Access Token Validator" \
	--type jwt \
	--set enabled:true \
	--set evaluation-order-index:1000 \
	--set allowed-signing-algorithm:RS256 \
	--set "trusted-certificate:JWT Signing Certificate"
	--set "identity-mapper:User ID Identity Mapper"