Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual page 26


UidPwdDirAuth Plug-in Module
Netscape Certificate Management System Plug-Ins Guide • March 2002

Table 1-2 Description of parameters defined in the UidPwdDirAuth module

Parameter: dnpattern
Description:
Specifies a string representing a subject name pattern to formulate from the directory attributes and entry DN.
Permissible values: Any valid DN string composed from standard DN attributes, which must be separated by commas; see "DNs in Certificate Management System" on page 312.
The syntax is illustrated in the following example:
E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
This sample configuration specifies that the subject name should be formulated as follows:
• E = the first mail LDAP attribute value in the user's entry
• CN = the (first) cn LDAP attribute value in the user's entry
• OU = the second ou value in the user's entry DN
• O = the (first) o value in the user's entry DN
• C = the string US
If this parameter value is empty or not set, the server uses E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c as the DN pattern.
This default DN pattern works well with Netscape Communicator and other browsers. For Communicator, if you leave out E= in end-user certificates, S/MIME may not work correctly (assuming lack of other extensions in the certificate). Also, if C= and O= are left out, certificate display looks strange in Communicator (when the Display Certificate button is clicked).

Parameter: ldapStringAttributes
Description:
Specifies the list of LDAP string attributes that should be considered authentic for the end entity. If specified, the values corresponding to these attributes will be copied from the authentication directory into the authentication token—that is, values retrieved from this parameter can be used by policy modules to formulate subject names for certificates or to make other policy decisions. For details, see "SubjectAltNameExt Plug-in Module" on page 232.
Entering values for this parameter is optional.
Permissible values: Any valid LDAP string attributes, separated by commas.
Example: mail
(This sample configuration specifies that the value of the mail attribute should be stored in the authentication token.)
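
The following added example (not code from the manual or from Certificate Management System) resolves a dnpattern against a constructed directory entry, reading the indices as the table describes them: .1 is the first value, .2 the second, and no index means the first. Counting DN components left to right, rejecting a pattern that references a missing value, and escaping raw attribute values are assumptions of this example, not documented server behavior.

```python
import re

# A pattern value that refers to directory data: $attr.<name>[.<n>] or $dn.<name>[.<n>]
REF = re.compile(r"^\$(attr|dn)\.([A-Za-z][\w-]*)(?:\.(\d+))?$")

def split_components(dn):
    """Split a DN string on unescaped commas into (type, value) pairs.
    Simplified for the example: multi-valued RDNs (a+b) are not handled."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs

def escape_value(value):
    """Escape DN-special characters so a raw attribute value stays one component."""
    return re.sub(r'([,+"\\<>;=])', r"\\\1", value)

def resolve_dnpattern(pattern, entry_dn, attrs):
    """Formulate a subject name from a dnpattern, an entry DN and entry attributes."""
    dn_values = {}
    for name, value in split_components(entry_dn):
        dn_values.setdefault(name.lower(), []).append(value)  # left-to-right order (assumption)
    attr_values = {k.lower(): v for k, v in attrs.items()}
    subject = []
    for name, value in split_components(pattern):
        ref = REF.match(value)
        if ref:
            source, key, n = ref.group(1), ref.group(2).lower(), int(ref.group(3) or 1)
            values = (attr_values if source == "attr" else dn_values).get(key, [])
            if not 1 <= n <= len(values):
                # Example's choice: fail instead of producing a partial subject name
                raise ValueError(f"{value}: no such value in the entry")
            # DN components are already in string form; raw attribute values are escaped
            value = escape_value(values[n - 1]) if source == "attr" else values[n - 1]
        subject.append(f"{name}={value}")
    return ", ".join(subject)

# Constructed sample entry (not from the manual)
SAMPLE_DN = "uid=jdoe, ou=people, ou=engineering, o=example.com"
SAMPLE_ATTRS = {"mail": ["jdoe@example.com", "john@example.com"], "cn": ["Doe, John"]}
PATTERN = "E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US"

if __name__ == "__main__":
    print(resolve_dnpattern(PATTERN, SAMPLE_DN, SAMPLE_ATTRS))
```

The sample cn contains a comma, so the escaping step is what keeps it a single CN component in the resulting subject name. The sample DN has no c component, so the default pattern from the table is rejected by this example for that entry.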

This manual is also suitable for:

Certificate management system 6.0
