The types of certificate mappers that it offers by default include:

Subject Equals DN
This certificate mapper expects the subject DN of the certificate to match the distinguished name (DN) of the corresponding user entry.
Subject Attribute to User Attribute
This certificate mapper extracts the values of a specified set of attributes from the certificate subject and search for an entry containing those values in a corresponding set of attributes. The default instance of this certificate mapper tries to map the CN attribute from the certificate’s subject to the cn attribute in the user’s entry, or the E attribute in the certificate’s subject to the mail attribute in the user’s entry.
Subject DN to User Attribute
This certificate mapper expects the user’s entry to contain a specified attribute whose value matches the subject DN of the presented certificate.
Fingerprint
This certificate mapper expects the user’s entry to contain a specified attribute whose value matches the SHA-256, SHA-1, or MD5 fingerprint of the presented certificate.

You can also use the UnboundID Server SDK to create custom certificate mapper implementations.