DSAKeyConstraints - Red Hat Certificate System 7.1 Administrator's Manual


Table 12-3 AttributePresentConstraints Configuration Parameters (Continued)

Parameter
    Description

ldap.ldapauth.clientCertNickname
    Specifies the nickname or the friendly name of the certificate to be used for SSL client authentication to the LDAP directory in order to check attributes. Make sure that the certificate is valid and has been signed by a CA that is trusted in the directory's certificate database, and that the directory's certmap.conf file has been configured to correctly map the certificate to a DN in the directory. (This is needed for PIN removal only.)
    Example: Server-Cert

ldap.ldapauth.authtype
    Specifies how to bind to the directory or the authentication type—basic authentication or SSL client authentication—required in order to check attributes in the LDAP directory:
    BasicAuth specifies basic authentication (default). If you choose this option, be sure to enter the correct values for ldap.ldapauth.bindDN and password parameters; the plug-in uses the DN from the ldap.ldapauth.bindDN attribute to bind to the directory.
    SslClientAuth specifies SSL client authentication. If you choose this option, be sure to select the ldap.ldapconn.secureConn parameter and set the value of the ldap.ldapauth.clientCertNickname parameter to the nickname of the certificate to be used for SSL client authentication.

ldap.ldapconn.basedn
    Specifies the base DN for searching the LDAP directory—the plug-in uses the value of the uid field from the HTTP input (what a user enters in the enrollment form) and the base DN to construct an LDAP search filter.
    Permissible values: Any valid DN string of up to 255 characters. (If your user's DN is uid=jdoe, o=company, you might want to use o=company here.)
    Example: O=example.com

ldap.ldapconn.minConns
    Specifies the minimum number of connections permitted (or to keep open) to the LDAP directory. Permissible values: 1 to 3; the default value is 1.

ldap.ldapconn.maxConns
    Specifies the maximum number of connections permitted to the LDAP directory; when needed, connection pool can grow to this many (multiplexed) connections. Permissible values: 3 to 10; the default value is 5.

attribute
    Specifies the LDAP attribute, the presence of which is to be checked in the certificate-enrollment request. Permissible values: Valid directory attributes, separated by commas; the default value is pin.

value
    If this parameter is non-empty, the attribute value must match this value for the request to proceed to the next stage.

DSAKeyConstraints

The DSAKeyConstraints plug-in module imposes constraints on the following:

Chapter 12, Policies: Constraints-Specific Policy Module Reference (page 477)
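
The permissible values and the authtype dependencies listed in Table 12-3 for AttributePresentConstraints can be linted before a rule is enabled. The following is an added example, not code from the manual or from Red Hat; the helper names, the flat dict of settings, the "true" encoding of secureConn and the sample values are assumptions.

```python
# Added example: lint AttributePresentConstraints settings against Table 12-3.
# Assumption: settings arrive as a flat dict keyed by the table's parameter names.
AUTH_TYPES = {"BasicAuth", "SslClientAuth"}


def _check_range(cfg, key, low, high, default, problems):
    """Record a problem if cfg[key] is not an integer within low..high."""
    raw = cfg.get(key, default)
    try:
        value = int(raw)
    except (TypeError, ValueError):
        problems.append(f"{key}: {raw!r} is not an integer")
        return
    if not low <= value <= high:
        problems.append(f"{key}: {value} is outside {low} to {high}")


def validate_attribute_present(cfg):
    """Return a list of problems; an empty list means the settings pass."""
    problems = []
    authtype = cfg.get("ldap.ldapauth.authtype", "BasicAuth")  # documented default
    if authtype not in AUTH_TYPES:
        problems.append(f"ldap.ldapauth.authtype: unknown value {authtype!r}")
    elif authtype == "BasicAuth":
        if not cfg.get("ldap.ldapauth.bindDN"):
            problems.append("BasicAuth requires ldap.ldapauth.bindDN")
    else:
        # Assumption: a selected secureConn option is stored as the string "true".
        if str(cfg.get("ldap.ldapconn.secureConn", "")).lower() != "true":
            problems.append("SslClientAuth requires ldap.ldapconn.secureConn")
        if not cfg.get("ldap.ldapauth.clientCertNickname"):
            problems.append("SslClientAuth requires ldap.ldapauth.clientCertNickname")
    basedn = cfg.get("ldap.ldapconn.basedn", "")
    # Minimal shape check only: non-empty, at most 255 characters, has an RDN.
    if not basedn or len(basedn) > 255 or "=" not in basedn:
        problems.append("ldap.ldapconn.basedn: need a DN of up to 255 characters")
    _check_range(cfg, "ldap.ldapconn.minConns", 1, 3, 1, problems)
    _check_range(cfg, "ldap.ldapconn.maxConns", 3, 10, 5, problems)
    attrs = [a.strip() for a in cfg.get("attribute", "pin").split(",")]
    if not all(attrs):
        problems.append("attribute: empty name in comma-separated list")
    return problems


# Constructed sample settings (not taken from a real deployment).
SAMPLE_OK = {"ldap.ldapauth.authtype": "BasicAuth", "attribute": "pin",
             "ldap.ldapauth.bindDN": "uid=pinchecker,o=example.com",
             "ldap.ldapconn.basedn": "O=example.com"}
SAMPLE_BAD = {"ldap.ldapauth.authtype": "SslClientAuth", "attribute": "pin,,mail",
              "ldap.ldapconn.secureConn": "false", "ldap.ldapconn.minConns": "0",
              "ldap.ldapconn.maxConns": "12", "ldap.ldapconn.basedn": "O=example.com"}
```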
