Table of Contents
Advertisement
Setting Client Security Requirements
•
DNComps
LDAP directory the server should start searching for entries that match the
user's information (that is, the owner of the client certificate). The server
gathers values for these attributes from the client certificate and uses the values
to form an LDAP DN, which then determines where the server starts its search
in the LDAP directory. For example, if you set
attributes of the DN, the server starts the search from the
c=<country>
replaced with values from the DN in the certificate.
Note the following situations:
•
FilterComps
gathering information from the user's DN in the client certificate. The server
uses the values for these attributes to form the search criteria used to match
entries in the LDAP directory. If the server finds one or more entries in the
LDAP directory that match the user's information gathered from the
certificate, the search is successful and the server optionally performs a
verification.
For example, if
(
values for email and userid match the end user's information gathered from
the client certificate. Email addresses and userids are good filters because they
are usually unique entries in the directory. The filter needs to be specific
enough to match one and only one entry in the LDAP database.
For a list of the x509v3 certificate attributes, see the following table:
Table 5-2
Attribute
c
o
cn
l
st
126
Netscape Enterprise Server Administrator's Guide • April 2002 (Draft)
is a list of comma-separated attributes used to determine where in the
entry in the LDAP directory, where <
If there isn't a
DNComps
setting or the entire subject DN in the client certificate (that
CmapLdapAttr
is, the end-user's information).
If the
entry is present but has no value, the server searches the
DNComps
entire LDAP tree for entries matching the filter.
is a list of comma-separated attributes used to create a filter by
FilterComps
), the server searches the directory for an entry whose
FilterComps=e,uid
Attributes for x509v3 Certificates
Description
Country
Organization
Common name
Location
State
DNComps
entry in the mapping, the server uses either the
is set to use the email and userid attributes
to use the
and
o
c
o=<org>,
> and
org
<country>
are
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR
Related Products for Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR
- Netscape NETSCAPE CONSOLE 6.0 - MANAGING SERVERS
- Netscape NETSCAPE DIRECTORY SERVER 6.01
- Netscape NETSCAPE DIRECTORY SERVER 6.02
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY CUSTOMIZATION
- Netscape NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE