The performs all processing related to SASL EXTERNAL authentication. ds-cfg-external-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.ExternalSASLMechanismHandler Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. Always require the peer certificate to be present in the user's entry. If the user's entry contains one or more certificates, require that one of them match the peer certificate. Do not look for the peer certificate to be present in the user's entry. ds-cfg-certificate-validation-policy Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. userCertificate ds-cfg-certificate-attribute Specifies the name of the certificate mapper that should be used to match client certificates to user entries. The referenced certificate mapper must be enabled when the is enabled. ds-cfg-certificate-mapper