The External SASL Mechanism Handler performs all processing related to SASL EXTERNAL authentication.
The External SASL Mechanism Handler component inherits from the SASL Mechanism Handler.
The following components have a direct AGGREGATION relation FROM External SASL Mechanism Handlers:
This page describes the External SASL Mechanism Handler:
A description of each property follows.
| Basic Properties: | Advanced Properties: |
|---|---|
| certificate-attribute | java-class |
| certificate-mapper | |
| certificate-validation-policy | |
| enabled | |

certificate-attribute

| Description | Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. |
| Default Value | userCertificate |
| Allowed Values | The name of an attribute type defined in the server schema. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |

certificate-mapper

| Description | Specifies the name of the certificate mapper that should be used to match client certificates to user entries. |
| Default Value | None |
| Allowed Values | The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |

certificate-validation-policy

| Description | Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. |
| Default Value | None |
| Allowed Values | always: Always require the peer certificate to be present in the user's entry; ifpresent: If the user's entry contains one or more certificates, require that one of them match the peer certificate; never: Do not look for the peer certificate to be present in the user's entry. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |

enabled

| Description | Indicates whether the SASL mechanism handler is enabled for use. |
| Default Value | None |
| Allowed Values | true, false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |

java-class

| Description | Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. |
| Default Value | org.opends.server.extensions.ExternalSASLMechanismHandler |
| Allowed Values | A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | The External SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect. |
| Advanced Property | Yes |
| Read-only | No |

Each configuration property can be mapped to a specific LDAP attribute under the "cn=config" entry. The mappings that follow are provided for information only. In general, you should avoid changing the server configuration by manipulating the LDAP attributes directly.

| Base DN | cn=SASL Mechanisms,cn=config |
| objectclass name | ds-cfg-external-sasl-mechanism-handler |
| objectclass superior | ds-cfg-sasl-mechanism-handler |

| Property | LDAP attribute |
|---|---|
| certificate-attribute | ds-cfg-certificate-attribute |
| certificate-mapper | ds-cfg-certificate-mapper |
| certificate-validation-policy | ds-cfg-certificate-validation-policy |
| enabled | ds-cfg-enabled |
| java-class | ds-cfg-java-class |
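
As an added example (not part of the OpenDS documentation or code base), the following Python code reads a constructed handler entry using the LDAP attribute names above and models how the three certificate-validation-policy values treat a peer certificate. The entry DN, the mapper DN, the function names, and the byte-for-byte comparison of DER-encoded certificates are assumptions made for illustration.

```python
# Added example, not OpenDS code. Entry and mapper DNs below are constructed.
SAMPLE_LDIF = """\
dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config
objectClass: ds-cfg-external-sasl-mechanism-handler
ds-cfg-enabled: true
ds-cfg-certificate-mapper: cn=Example Mapper,cn=Certificate Mappers,cn=config
ds-cfg-certificate-validation-policy: ifpresent
"""

POLICIES = ("always", "ifpresent", "never")


def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def handler_settings(entry):
    """Extract the handler properties, applying the documented default."""
    def first(attr, default=None):
        return entry.get(attr, [default])[0]
    policy = first("ds-cfg-certificate-validation-policy")
    if policy not in POLICIES:
        raise ValueError(f"certificate-validation-policy must be one of {POLICIES}")
    if first("ds-cfg-certificate-mapper") is None:
        raise ValueError("certificate-mapper is required")
    return {
        "enabled": first("ds-cfg-enabled") == "true",
        "certificate_attribute": first("ds-cfg-certificate-attribute", "userCertificate"),
        "certificate_mapper": first("ds-cfg-certificate-mapper"),
        "policy": policy,
    }


def peer_cert_accepted(policy, peer_der, entry_certs):
    """Entry-certificate check only; the mapper has already chosen the user entry.
    Assumption: a match means identical DER bytes."""
    if policy == "never":
        return True                       # entry certificates are not consulted
    if not entry_certs:
        return policy == "ifpresent"      # "always" rejects an entry with no certificate
    return peer_der in entry_certs        # both remaining policies require a match
```

With ifpresent, an entry that holds no certificate is accepted on the certificate mapper's result alone, which is the case to weigh when choosing between ifpresent and always.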