are responsible for establishing a mapping between an identifier string provided by a client, and the entry for the user that corresponds to that identifier. are used to process several SASL mechanisms to map an authorization ID (e.g., a Kerberos principal when using GSSAPI) to a directory user. They are also used when processing requests with the proxied authorization control. ds-cfg-identity-mapper top Indicates whether the is enabled for use. ds-cfg-enabled Specifies the fully-qualified name of the Java class that provides the implementation. org.opends.server.api.IdentityMapper ds-cfg-java-class