Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 392

Chapter 15. Publishing
• Example 1: uid=CertMgr, o=Example Corporation
• Example 2: cn=$subj.cn,ou=$subj.ou,o=$subj.o,c=US
• Example 3: uid=$req.HTTP_PARAMS.uid, e=$ext.SubjectAlternativeName.RFC822Name,ou=$subj.ou
In the examples, $req takes the attribute from the certificate request, $subj takes the attribute from
the certificate subject name, and $ext takes the attribute from the certificate extension.
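The three pattern sources above can be expanded as in the following sketch. It is an added illustration, not Certificate System code: the dictionary layout of the request, subject, and extension values and the error raised for a missing component are assumptions, and values are escaped per RFC 4514 so that a request-supplied attribute cannot add RDNs to the resulting DN.

```python
import re

# Characters RFC 4514 requires escaping anywhere inside an attribute value.
_SPECIAL = set(',+"\\<>;')
# $req.<name>, $subj.<name> or $ext.<name>; names may contain dots.
_TOKEN = re.compile(r"\$(req|subj|ext)\.(\w+(?:\.\w+)*)")


def escape_rdn_value(value: str) -> str:
    """Escape one value so it stays a single RDN value in the built DN."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_dn_pattern(pattern: str, req: dict, subj: dict, ext: dict) -> str:
    """Replace every $req/$subj/$ext token in a DN pattern with its escaped value."""
    sources = {"req": req, "subj": subj, "ext": ext}

    def substitute(match: re.Match) -> str:
        source, name = match.group(1), match.group(2)
        if name not in sources[source]:
            # Assumption: a missing component is an error, not an empty RDN.
            raise LookupError(f"${source}.{name} has no value")
        return escape_rdn_value(sources[source][name])

    return _TOKEN.sub(substitute, pattern)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real request or certificate.
    subj = {"cn": "Jane Doe", "ou": "Engineering", "o": "Example Corporation"}
    ext = {"SubjectAlternativeName.RFC822Name": "jdoe@example.com"}
    example3 = "uid=$req.HTTP_PARAMS.uid, e=$ext.SubjectAlternativeName.RFC822Name,ou=$subj.ou"
    print(expand_dn_pattern("cn=$subj.cn,ou=$subj.ou,o=$subj.o,c=US", {}, subj, ext))
    print(expand_dn_pattern(example3, {"HTTP_PARAMS.uid": "jdoe"}, subj, ext))
    # A request value containing a comma stays inside the uid value.
    print(expand_dn_pattern(example3, {"HTTP_PARAMS.uid": "jdoe,ou=Admins"}, subj, ext))
```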
15.13.2.4. LdapSubjAttrMap
The LdapSubjAttrMap plug-in module configures a Certificate Manager to map a certificate to an
LDAP directory entry using a configurable LDAP attribute. To use this mapper, the directory entries
must include the specified LDAP attribute.
This mapper requires the exact pattern of the subject DN because the Certificate Manager searches
the directory for the attribute with a value that exactly matches the entire subject DN. For example,
if the specified LDAP attribute is certSubjectDN and the certificate subject name is uid=jdoe,
o=Example Corporation, c=US, the Certificate Manager searches the directory for entries that
have the attribute certSubjectDN=uid=jdoe, o=Example Corporation, c=US.
If no matching entries are found, the server returns an error and writes it to the log.
15.13.2.4.1. Configuration Parameters of LdapSubjAttrMap
Table 15.12, "LdapSubjAttrMap Parameters" describes these parameters.

| Parameter | Description |
|---|---|
| certSubjNameAttr | Specifies the name of the LDAP attribute that contains a certificate subject name as its value. The default is certSubjectName, but this can be configured to any LDAP attribute. |
| searchBase | Specifies the base DN for starting the attribute search. The permissible value is a valid DN of an LDAP entry, such as o=example.com, c=US. |

Table 15.12. LdapSubjAttrMap Parameters
15.13.2.5. LdapDNCompsMap
The LdapDNCompsMap plug-in module implements the DN components mapper. This mapper maps
a certificate to an LDAP directory entry by constructing the entry's DN from components, such as cn,
ou, o, and c, specified in the certificate subject name, and then uses it as the search DN to locate the
entry in the directory. The mapper locates the following entries:
• The CA's entry in the directory for publishing the CA certificate and the CRL.
• End-entity entries in the directory for publishing end-entity certificates.
The mapper takes DN components to build the search DN. The mapper also takes an optional root
search DN. The server uses the DN components to form an LDAP entry to begin a subtree search
and the filter components to form a search filter for the subtree. If none of the DN components are
configured, the server uses the base DN for the subtree. If the base DN is null and none of the DN
