Table of Contents
Advertisement
Example certmap.conf Mappings
The following examples illustrate three different ways you can use the
file.
certmap.conf
Example of a Default Mapping
Here are the contents of a simple
mapping:
certmap default
default:DNComps
default:FilterComps e, uid
default:verifycert
Using this example, the server starts its search at the directory branch point
containing the entry
where the italics represent values from the subject's DN in the client certificate.
The server then uses the values for
certificate to search for a match in the directory before authenticating the user.
When it finds a matching entry, the server verifies the certificate by comparing the
certificate the client sent to the certificate stored in the directory.
Example of an Additional Mapping
Here are the contents of a sample
as well as a mapping for MyCA:
certmap default
default:DNComps
default:FilterComps e, uid
certmap MyCA
MyCA:DNComps
MyCA:FilterComps
MyCA:verifycert
When the server gets a certificate from a CA other than MyCA, the server uses the
default mapping, which starts at the top of the directory tree and searches for an
entry matching the client's email address (
from MyCA, the server starts its search at the directory branch containing the
certmap.conf
default
ou, o, c
on
ou=organizationalUnit, o=organization, c=country
(email address) and
e
certmap.conf
default
ou=MySpecialTrust,o=MyOrg,c=US
ou,o,c
e
on
Chapter 10
file that contains only the default
(user ID) from the
uid
file that defines a default mapping
) and user ID (
). If the certificate is
e
uid
Using SSL and TLS with Netscape Servers
Using Client Authentication
,
203
Advertisement
Table of Contents
