Table of Contents
Advertisement
Creating Custom Properties
You can use the client certificate API to create your own properties. For
information on programming and using the client certificate API, see the Netscape
Enterprise Server NSAPI Programmer's Guide.
Once you have a custom mapping, you reference the mapping as follows:
<name>:library <path_to_shared_library>
<name>:InitFn <name_of_init_function>
For example:
certmap default1 o=Netscape Communications, c=US
default1:library /usr/netscape/enterprise/userdb/plugin.so
default1:InitFn plugin_init_fn
default1:DNComps
default1:FilterComps l
default1:verifycert on
Sample Mappings
The
file should have at least one entry. The following examples
certmap.conf
illustrate the different ways you can use the
Example #1
This example represents a
certmap default default
default:DNComps ou, o, c
default:FilterComps e, uid
default:verifycert on
Using this example, the server starts its search at the LDAP branch point
containing the entry
ou=orgunit, o=org, c=country
with the values from the subject's DN in the client certificate.
The server then uses the values for email address and userid from the certificate to
search for a match in the LDAP directory. When it finds an entry, the server verifies
the certificate by comparing the one the client sent to the one stored in the
directory.
Example #2
The following example file has two mappings: one for default and another for the
US Postal Service:
certmap default default
default:DNComps
default:FilterComps e, uid
ou o c
certmap.conf
file with only one "default" mapping:
certmap.conf
Chapter 5
Setting Client Security Requirements
file.
where the variables are replaced
Securing Your Enterprise Server
127
Advertisement
Table of Contents
