Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 765

The configuration variable supports escaped commas and multiple attribute
dnpattern
variable assertions (AVAs) in a RDN. Below is the syntax for the DN pattern followed by
examples.
Syntax
dnPattern := rdnPattern *[ "," rdnPattern ]
rdnPattern := avaPattern *[ "+" avaPattern ]
avaPattern := name "=" value | name "=" "$attr" "." attrName [ "."
attrNumber ] | name "="
"$dn" "." attrName [ "." attrNumber ] | "$dn" "." "$rdn" "." number
Example 1
If the configured DN pattern is
E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
LDAP entry:
dn: UID=jdoe, OU=IS, OU=people, O=example.com
LDAP attributes:
cn: Jane Doe
LDAP attributes:
mail: jdoe@example.com
The subject name formulated will be as follows:
E=jdoe@example.com, CN=Jane Doe, OU=people, O=example.com, C=US
the first 'mail' LDAP attribute value in user's entry.
E=
the (first) ' ' LDAP attribute value in the user's entry.
CN= cn
the second '
OU= ou
the (first) ' ' value in the user's entry DN.
O= o
the string 'US'
C=
Example 2
If the configured DN pattern is
E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
LDAP entry:
dn: UID=jdoe, OU=IS+OU=people, O=example.com
LDAP attributes:
cn: Jane Doe
LDAP attributes:
mail: jdoe@example.com
The subject name formulated will be as follows:
E=jdoe@example.com, CN=Jane Doe, OU=people, O=example.com, C=US
' value in the user's entry DN.
DNs in Certificate System
Appendix I Distinguished Names 765