ExternalSASLMechanismHandlerConfiguration.xml revision d70586b00b9530ab99ab4b8f003e9a54793e419f
<?xml version="1.0" encoding="UTF-8"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="external-sasl-mechanism-handler"
plural-name="external-sasl-mechanism-handlers"
package="org.forgerock.opendj.server.config" extends="sasl-mechanism-handler"
xmlns:adm="http://opendj.forgerock.org/admin"
xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
<adm:synopsis>
The
<adm:user-friendly-name />
performs all processing related to SASL EXTERNAL
authentication.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-external-sasl-mechanism-handler</ldap:name>
<ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
</ldap:object-class>
</adm:profile>
<adm:property-override name="java-class" advanced="true">
<adm:default-behavior>
<adm:defined>
<adm:value>
</adm:value>
</adm:defined>
</adm:default-behavior>
</adm:property-override>
<adm:property name="certificate-validation-policy" mandatory="true">
<adm:synopsis>
Indicates whether to attempt to validate the peer certificate
against a certificate held in the user's entry.
</adm:synopsis>
<adm:syntax>
<adm:enumeration>
<adm:value name="always">
<adm:synopsis>
Always require the peer certificate to be present in the
user's entry.
</adm:synopsis>
</adm:value>
<adm:value name="ifpresent">
<adm:synopsis>
If the user's entry contains one or more certificates,
require that one of them match the peer certificate.
</adm:synopsis>
</adm:value>
<adm:value name="never">
<adm:synopsis>
Do not look for the peer certificate to be present in the
user's entry.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-certificate-validation-policy</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="certificate-attribute">
<adm:synopsis>
Specifies the name of the attribute to hold user
certificates.
</adm:synopsis>
<adm:description>
This property must specify the name of a valid attribute type defined in
the server schema.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>userCertificate</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:attribute-type />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-certificate-attribute</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="certificate-mapper" mandatory="true">
<adm:synopsis>
Specifies the name of the certificate mapper that should be used
to match client certificates to user entries.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="certificate-mapper"
parent-path="/">
<adm:constraint>
<adm:synopsis>
The referenced certificate mapper must be enabled when the
<adm:user-friendly-name />
is enabled.
</adm:synopsis>
<adm:target-needs-enabling-condition>
<adm:contains property="enabled" value="true" />
</adm:target-needs-enabling-condition>
<adm:target-is-enabled-condition>
<adm:contains property="enabled" value="true" />
</adm:target-is-enabled-condition>
</adm:constraint>
</adm:aggregation>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-certificate-mapper</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
</adm:managed-object>