Table of Contents
Advertisement
•
is a list of comma-separated attributes used to determine where in the
DNComps
LDAP directory the server should start searching for entries that match the
user's information (that is, the owner of the client certificate). The server
gathers values for these attributes from the client certificate and uses the values
to form an LDAP DN, which then determines where the server starts its search
in the LDAP directory. For example, if you set
attributes of the DN, the server starts the search from the
entry in the LDAP directory, where <
c=<country>
replaced with values from the DN in the certificate.
Note the following situations:
If there isn't a
CmapLdapAttr
is, the end-user's information).
If the
DNComps
entire LDAP tree for entries matching the filter.
•
is a list of comma-separated attributes used to create a filter by
FilterComps
gathering information from the user's DN in the client certificate. The server
uses the values for these attributes to form the search criteria used to match
entries in the LDAP directory. If the server finds one or more entries in the
LDAP directory that match the user's information gathered from the
certificate, the search is successful and the server optionally performs a
verification.
For example, if
FilterComps
(
FilterComps=e,uid
values for email and userid match the end user's information gathered from
the client certificate. Email addresses and userids are good filters because they
are usually unique entries in the directory. The filter needs to be specific
enough to match one and only one entry in the LDAP database.
For a list of the x509v3 certificate attributes, see the following table:
Table 5-2
Attributes for x509v3 Certificates
Attribute
c
o
cn
l
st
entry in the mapping, the server uses either the
DNComps
setting or the entire subject DN in the client certificate (that
entry is present but has no value, the server searches the
is set to use the email and userid attributes
), the server searches the directory for an entry whose
Description
Country
Organization
Common name
Location
State
Setting Client Security Requirements
to use the
DNComps
o=<org>,
> and
org
Chapter 5
Securing Your Enterprise Server
and
o
c
are
<country>
123
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE ENTREPRISE SERVER 6.0 - ADMINISTRATOR
Related Products for Netscape NETSCAPE ENTREPRISE SERVER 6.0 - ADMINISTRATOR
- Netscape ENTREPRISE SERVER 6.1
- Netscape NETSCAPE ENTREPRISE SERVER 6.0 - INSTALLATION AND MIGRATION GUIDE
- Netscape NETSCAPE ENTREPRISE SERVER 6.1 - INSTALLATION AND MIGRATION GUIDE
- Netscape NETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS
- Netscape NETSCAPE ENTERPRISE SERVER 6.1 - PROGRAMMER GUIDE TO SERVLETS
- Netscape ENTERPRISE SERVER 6.1
- Netscape ENTERPRISE SERVER 6.0
- Netscape NETSCAPE CONSOLE 6.0 - MANAGING SERVERS
- Netscape NETSCAPE DIRECTORY SERVER 6.0
- Netscape NETSCAPE DIRECTORY SERVER 6.0 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.01
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.02
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - ADMINISTRATOR