Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 390

Chapter 15. Publishing
Parameter
createCAEntry
dnPattern
Table 15.11. LdapCaSimpleMap Configuration Parameters
15.13.2.1.1. LdapCaCertMap
The LdapCaCertMap mapper is an instance of the LdapCaSimpleMap module. The Certificate
Manager automatically creates this mapper during installation.
368
Description
Creates a CA's entry, if selected (default).
If selected, the Certificate Manager first attempts
to create an entry for the CA in the directory. If
the Certificate Manager succeeds in creating
the entry, it then attempts to publish the CA's
certificate to the entry. If this is not selected, the
entry must already be present in order to publish
to it.
Specifies the DN pattern the Certificate Manager
should use to construct to search for the CA's
entry in the publishing directory. The value of
dnPattern can be a list of AVAs separated by
commas. An AVA can be a variable, such as
cn=$subj.cn, that the Certificate Manager
can derive from the certificate subject name or a
constant, such as o=Example Corporation.
If the CA certificate does not have the cn
component in its subject name, adjust the CA
certificate mapping DN pattern to reflect the
DN of the entry in the directory where the CA
certificate is to be published. For example, if
the CA certificate subject DN is o=Example
Corporation and the CA's entry in the
directory is cn=Certificate Authority,
o=Example Corporation, the pattern is
cn=Certificate Authority, o=$subj.o.
• Example 1: uid=CertMgr, o=Example
Corporation
• Example 2: cn=$subj.cn,ou=
$subj.ou,o=$subj.o,c=US
• Example 3: uid=
$req.HTTP_PARAMS.uid, e=
$ext.SubjectAlternativeName.RFC822Name,ou=
$subj.ou
In the above examples, $req takes the attribute
from the certificate request, $subj takes the
attribute from the certificate subject name, and
$ext takes the attribute from the certificate
extension.