Netscape ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR Administrator's Manual page 123


The server tries to match the CA to the list of trusted CAs in the Administration
Server. If there isn't a match, Enterprise Server ends the connection. If there is a
match, the server continues processing the request.
After verifying the certificate is from a trusted CA, the server maps the certificate to
an LDAP entry by:

1. Mapping the issuer and subject DN from the client certificate to a branch point
   in the LDAP directory.
2. Searching the LDAP directory for an entry that matches the information about
   the subject (end-user) of the client certificate.
3. (Optional) Verifying the client certificate with one in the LDAP entry that
   corresponds to the DN.
The server uses a certificate mapping file called certmap.conf to determine how to
do the LDAP search. The mapping file tells the server what values to take from the
client certificate (such as the end-user's name, email address, and so on). The server
uses these values to search for a user entry in the LDAP directory, but first the
server needs to determine where in the LDAP directory to start its search.
The certificate mapping file also tells the server where to start.

Once the server knows where to start its search and what it needs to search for
(step 1), it performs the search in the LDAP directory (step 2). If it finds no
matching entry or more than one matching entry, and the mapping is not set to
verify the certificate, the search fails. For a complete list of the expected search
result behavior, see Table 5-1. Note that you can specify the
expected behavior in the ACL; for example, you can specify that Enterprise Server
accepts you if the certificate match fails. For more information regarding how to set
the ACL preferences, see "Using Access Control Files," on page 170.

Table 5-1  LDAP Search Results

LDAP Search Result          Certificate Verification ON   Certificate Verification OFF
No entry found              Authentication fails          Authentication fails
Exactly one entry found     Authentication fails          Authentication succeeds
More than one entry found   Authentication fails          Authorization fails

After the server finds a matching entry and certificate in the LDAP directory, it can
use that information to process the transaction. For example, some servers use
certificate-to-LDAP mapping to determine access to a server.

Chapter 5: Securing Your Enterprise Server (Setting Client Security Requirements)
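The following sketch is an added example, not code from the manual or from Enterprise Server. It models steps 1 and 2 above with certificate verification off: a mapping rule picks the search base and the search filter from the subject DN, and only a result of exactly one entry authenticates. The rule keys `dn_comps` and `filter_comps`, the DNs and the in-memory directory are all constructed for the illustration.

```python
# Added illustration of certificate-to-LDAP mapping (steps 1 and 2, verification OFF).
# Rule keys, DNs and directory entries are constructed; they are not server syntax.

def parse_dn(dn):
    """Split a DN into ordered (attr, value) pairs. Escaped commas are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def map_certificate(subject_dn, rule):
    """Step 1: derive the search base and the attributes to search for."""
    pairs = parse_dn(subject_dn)
    base = ",".join(f"{a}={v}" for a, v in pairs if a in rule["dn_comps"])
    wanted = {a: v for a, v in pairs if a in rule["filter_comps"]}
    if not base or len(wanted) != len(rule["filter_comps"]):
        raise ValueError("subject DN lacks a component the rule requires")
    return base, wanted

def search(directory, base, wanted):
    """Step 2: subtree search under base for entries matching every wanted value."""
    suffix = "," + base.lower()
    hits = []
    for dn, attrs in directory.items():
        in_scope = dn.lower() == base.lower() or dn.lower().endswith(suffix)
        if in_scope and all(attrs.get(a, "").lower() == v.lower() for a, v in wanted.items()):
            hits.append(dn)
    return hits

def authenticate(subject_dn, rule, directory):
    """Return the mapped entry DN, or None when the result is not exactly one entry."""
    try:
        base, wanted = map_certificate(subject_dn, rule)
    except ValueError:  # assumption: an unmappable certificate is treated as a failure
        return None
    hits = search(directory, base, wanted)
    return hits[0] if len(hits) == 1 else None

RULE = {"dn_comps": ["o", "c"], "filter_comps": ["cn"]}
DIRECTORY = {
    "uid=asmith,ou=People,o=Example Corp,c=US": {"cn": "Alice Smith"},
    "uid=bjones,ou=People,o=Example Corp,c=US": {"cn": "Bob Jones"},
    "uid=bjones2,ou=Sales,o=Example Corp,c=US": {"cn": "Bob Jones"},
}
```

The two "Bob Jones" entries show why a filter built on a non-unique attribute such as the common name makes the mapping fail: the search returns more than one entry.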
