The is used to perform all processing related to SASL EXTERNAL authentication. 1.3.6.1.4.1.26027.1.2.44 ds-cfg-external-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.ExternalSASLMechanismHandler Indicates whether to attempt to validate the peer certificate against a value held in the user's entry. Indicates whether the SASL EXTERNAL mechanism handler should attempt to validate the peer certificate against a certificate in the corresponding user's entry. The value must be one of "true" (which will always attempt to validate the certificate and will fail if no certificates are present), "false" (which will never attempt to validate the peer certificate), and "ifpresent" (which will validate the peer certificate if there are one or more certificates in the user's entry, but will not fail if there are no certificates in the entry. Changes to this configuration attribute will take effect immediately. Always require the peer certificate to be present in the user's entry. If the user's entry contains one or more certificates, require that one of them match the peer certificate. Do not look for the peer certificate to be present in the user's entry. 1.3.6.1.4.1.26027.1.1.22 ds-cfg-client-certificate-validation-policy Specifies the attribute that should hold user certificates. Specifies the name of the attribute that will be used to hold the certificate information in user entries for the purpose of validation. This must specify the name of a valid attribute type defined in the server schema. Changes to this configuration attribute will take effect immediately. userCertificate 1.3.6.1.4.1.26027.1.1.18 ds-cfg-certificate-attribute Specifies the DN of the certificate mapper to use. Specifies the DN of the configuration entry for the certificate mapper that should be used to match client certificates to user entries. cn=certificate mappers,cn=config 1.3.6.1.4.1.26027.1.1.309 ds-cfg-certificate-mapper-dn