Note: this is an abstract component, that cannot be instantiated.
Identity Mappers are responsible for establishing a mapping between an identifier string provided by a client, and the entry for the user that corresponds to that identifier. Identity Mappers are used to process several SASL mechanisms to map an authorization ID (e.g., a Kerberos principal when using GSSAPI) to a directory user. They are also used when processing requests with the proxied authorization control.
The following Identity Mappers are available in the server :
These Identity Mappers inherit from the properties described below.
The following components have a direct AGGREGATION relation TO Identity Mappers :
A description of each property follows.
Basic Properties: | Advanced Properties: |
---|---|
↓ enabled | None |
↓ java-class | |
↓ match-attribute | |
↓ match-base-dn | |
↓ match-pattern | |
↓ priority |
Description | Indicates whether the Identity Mapper is enabled for use. |
---|---|
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the fully-qualified name of the Java class that provides the Identity Mapper implementation. |
---|---|
Default Value | None |
Allowed Values | A java class that implements or extends the class(es) : org.opends.server.api.IdentityMapper |
Multi-valued | No |
Required | Yes |
Admin Action Required | The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect |
Advanced Property | No |
Read-only | No |
Description | Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the Directory Server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. |
---|---|
Default Value | uid |
Allowed Values | The name of an attribute type defined in the server schema. |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. |
---|---|
Default Value | The server searches below all public naming contexts. |
Allowed Values | A valid DN. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the regular expression pattern that is used to identify an entry that Identity Mapper applies to. A match pattern determines whether a particular Identity Mapper can be applied on an entry or not. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. |
---|---|
Default Value | None |
Allowed Values | Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the priority for this Identity Mapper. If there is a conflict in Identity Mapper selection, such as, multiple Identity Mappers matching an identifier string, Identity Mapper with the lowest priority is selected. |
---|---|
Default Value | 1 |
Allowed Values | An integer value. Lower value is 0. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |