The is used to perform all processing related to SASL EXTERNAL authentication. ds-cfg-external-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.ExternalSASLMechanismHandler Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. Always require the peer certificate to be present in the user's entry. If the user's entry contains one or more certificates, require that one of them match the peer certificate. Do not look for the peer certificate to be present in the user's entry. ds-cfg-certificate-validation-policy Specifies the name of the attribute that should hold user certificates. This must specify the name of a valid attribute type defined in the server schema. userCertificate ds-cfg-certificate-attribute Specifies the name of the certificate mapper that should be used to match client certificates to user entries. ds-cfg-certificate-mapper