Use this topic for how to make changes for customizing authentication and authorization access with the Configuration API.
Clients must use HTTP basic authentication to authenticate to the Configuration API. If
the username value is not a distinguished name (DN), then it resolves to a DN value
using the identity mapper associated with the Configuration servlet. By default, the
Configuration API uses an identity mapper that allows an entry’s UID value to be used as
a username. To customize this behavior, either customize the default identity mapper or
specify a different identity mapper using the Configuration servlet’s
identity-mapper property. The following code provides an
$ bin/dsconfig set-http-servlet-extension-prop \ --extension-name Configuration \ --set "identity-mapper:Alternative Identity Mapper”
To access configuration information, users must have the appropriate privileges:
- To access the
cn=configbackend, users must have the
bypass-aclprivilege or be allowed access to the configuration using an ACI.
- To read configuration information, users must have the
- To update the configuration, users must have the