The Fingerprint Certificate Mapper maps client certificates to user entries by looking for the MD5 or SHA1 fingerprint in a specified attribute of user entries.
The Fingerprint Certificate Mapper component inherits from the Certificate Mapper
This page describes the Fingerprint Certificate Mapper:
A description of each property follows.
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ enabled | ↓ java-class |
| ↓ fingerprint-algorithm | |
| ↓ fingerprint-attribute | |
| ↓ user-base-dn |
| Description | Indicates whether the Certificate Mapper is enabled. |
| Default Value | None |
| Allowed Values | true false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the name of the digest algorithm to compute the fingerprint of client certificates. |
| Default Value | None |
| Allowed Values | md5 - Use the MD5 digest algorithm to compute certificate fingerprints. sha1 - Use the SHA-1 digest algorithm to compute certificate fingerprints. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. |
| Default Value | None |
| Allowed Values | The name of an attribute type defined in the server schema. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. |
| Default Value | The server performs the search in all public naming contexts. |
| Allowed Values | A valid DN. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. |
| Default Value | org.opends.server.extensions.FingerprintCertificateMapper |
| Allowed Values | A java class that implements or extends the class(es) : org.opends.server.api.CertificateMapper |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | The Fingerprint Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect |
| Advanced Property | Yes |
| Read-only | No |
Each configuration property can be mapped to a specific LDAP attribute under the "cn=config" entry. The mappings that follow are provided for information only. In general, you should avoid changing the server configuration by manipulating the LDAP attributes directly.
| Base DN | cn=Certificate Mappers,cn=config |
| objectclass name | ds-cfg-fingerprint-certificate-mapper |
| objectclass superior | ds-cfg-certificate-mapper |
| Property | LDAP attribute |
| enabled | ds-cfg-enabled |
| fingerprint-algorithm | ds-cfg-fingerprint-algorithm |
| fingerprint-attribute | ds-cfg-fingerprint-attribute |
| java-class | ds-cfg-java-class |
| user-base-dn | ds-cfg-user-base-dn |