Netscape ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR Administrator's Manual page 128

Setting Client Security Requirements
certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on
When the server gets a certificate from anyone other than the US Postal Service, it
uses the default mapping, which starts at the top of the LDAP tree and searches for
an entry matching the client's email and userid. If the certificate is from the US
Postal Service, the server starts its search at the LDAP branch containing the
organizational unit and searches for matching email addresses. Also note that if the
certificate is from the USPS, the server verifies the certificate; other certificates are
not verified.
CAUTION
The issuer DN (that is, the CA's information) in the certificate must
be identical to the issuer DN listed in the first line of the mapping. In
the previous example, a certificate from an issuer DN that is
o=United States Postal Service,c=US
won't match because there isn't a space between the o and the c attributes.

Example #3
The following example uses the CmapLdapAttr property to search the LDAP
database for an attribute called certSubjectDN whose value exactly matches the
entire subject DN taken from the client certificate.
certmap example ou=Example Corporation, o=example, c=US
example:CmapLdapAttr certSubjectDN
example:DNComps o, c
example:FilterComps mail, uid
example:verifycert on
If the client certificate subject is:
uid=Babs Jensen, o=Example Corporation, c=US
the server first searches for entries that contain the following information:
certSubjectDN=uid=Babs Jensen, o=Example Corporation, c=US
If one or more matching entries are found, the server proceeds to verify the entries.
If no matching entries are found, the server will use DNComps and FilterComps to
search for matching entries. In this example, the server would search for
uid=Babs Jensen in all entries under o=Example Corporation, c=US.
NOTE
This example assumes the LDAP directory contains entries with the
attribute certSubjectDN.

128
Netscape Enterprise Server Administrator's Guide • August 2002
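The lookup order described above (exact issuer DN match, then the CmapLdapAttr search, then the DNComps and FilterComps fallback) can be modelled in a few lines. This is an added example, not code from the manual or the server; MAPPINGS, parse_dn, escape_filter, select_mapping and plan_search are hypothetical names, and the string-equality issuer comparison and comma-split DN parsing are simplifying assumptions.

```python
# Added illustration (not server code): the lookup order this page describes.
# Assumptions: issuer DNs compare as exact strings; DNs split on commas with no
# escaped-comma support; attribute names are copied from the certificate as-is.
MAPPINGS = {
    "default": {"issuer": None, "DNComps": [], "FilterComps": ["e", "uid"]},
    "usps": {"issuer": "ou=United States Postal Service, o=usps, c=US",
             "DNComps": ["ou", "o", "c"], "FilterComps": ["e"]},
    "example": {"issuer": "ou=Example Corporation, o=example, c=US",
                "CmapLdapAttr": "certSubjectDN",
                "DNComps": ["o", "c"], "FilterComps": ["mail", "uid"]},
}

def parse_dn(dn):
    """Return [(attr, value), ...] in certificate order."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def escape_filter(value):
    """Escape RFC 4515 special characters so DN text cannot alter the filter."""
    for ch in "\\*()\x00":  # backslash first, so added escapes are not re-escaped
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def select_mapping(issuer_dn):
    """Name of the mapping whose issuer DN is identical, else 'default'."""
    for name, m in MAPPINGS.items():
        if m["issuer"] == issuer_dn:
            return name
    return "default"

def plan_search(name, subject_dn):
    """Searches for a mapping: exact-DN lookup first, then base DN plus filter."""
    m, rdns = MAPPINGS[name], parse_dn(subject_dn)
    plan = {}
    if "CmapLdapAttr" in m:
        plan["first"] = "(%s=%s)" % (m["CmapLdapAttr"], escape_filter(subject_dn))
    # An empty base stands for the top of the LDAP tree (the default mapping).
    plan["base"] = ", ".join("%s=%s" % (a, v) for a, v in rdns if a in m["DNComps"])
    terms = ["(%s=%s)" % (a, escape_filter(v)) for a, v in rdns if a in m["FilterComps"]]
    if not terms:
        plan["filter"] = None  # certificate carries none of the FilterComps attributes
    else:
        plan["filter"] = terms[0] if len(terms) == 1 else "(&%s)" % "".join(terms)
    return plan
```

An issuer DN that differs only by a missing space falls through to the default mapping, which on this page also means the verifycert check of the named mapping is not applied.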
