Step C. Identify An Entry That Has Write Access; Step D. Verify Entries For End Entities - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Step C. Identify an Entry That Has Write Access

When you configure the Certificate Manager to work with Directory Server, you'll
be required to specify a distinguished name in the directory that has read-write
permissions to the directory. To publish certificates and CRLs to the directory, the
Certificate Manager needs to use a user entry (in the directory) that has write
access to the directory. This enables the Certificate Manager to bind to the directory
as this user and modify the user entries with certificate-related information and the
CA entry with the CA's certificate and CRL-related information.

To provide the Certificate Manager with a user entry that has read-write
permission, you can do either of the following:

- Use the DN of an existing entry that has write access. For example, you can use
  the entry of the Directory Manager or choose an alternative.
- Give write access to the user entry you created for the Certificate Manager in
  the previous step. The entry can be identified by the Certificate Manager's DN.
  For example, it may look like this:

  CN=testCA, OU=Research Dept, O=Siroe Corporation, ST=California, C=US

For instructions on giving write access to the Certificate Manager's entry, see your
LDAP directory documentation. In either case, note the entry DN and the
corresponding password, as you will be required to identify this user entry to the
Certificate Manager later; see "Step 5. Identify the Publishing Directory" on
page 656.

Step D. Verify Entries for End Entities

The publishing directory must contain an entry for each end entity for whom you
want a certificate published. If the end entity does not have an entry in the
directory, the Certificate Manager will not be able to publish the end entity's
certificate.

To add an entry for each end entity, you can use the tools provided with Directory
Server. Keep in mind that the end-entity entries must belong to an object class, such
as inetOrgPerson, that allows the userCertificate;binary attribute.

NOTE
If you configured the Certificate Manager to use directory-based
authentication for end entities and are using the same directory for
authentication and publishing, you may not have to deal with this
issue. The server will not issue certificates to end entities that do not
have entries in the directory. See "Authentication of End Entities
During Certificate Enrollment" on page 515.

Configuring a Certificate Manager to Publish Certificates and CRLs
Chapter 19 Setting Up LDAP Publishing 621
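
The Step D check can be run against an LDIF export of the publishing directory before publishing is enabled. The script below is an added example, not part of the manual or of Certificate Management System; the sample entries, the function names, and the two object classes other than inetOrgPerson are assumptions.

```python
import base64

# Object classes that permit userCertificate. inetOrgPerson is the one the manual
# names; pkiUser and strongAuthenticationUser (RFC 4523) are added assumptions.
CERT_CLASSES = {"inetorgperson", "pkiuser", "strongauthenticationuser"}
# Constructed sample export, not from the manual. The second DN is folded LDIF.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,o=Siroe Corporation,c=US
objectClass: person
objectClass: inetOrgPerson

dn: uid=printer1,ou=Devices,
 o=Siroe Corporation,c=US
objectClass: device
"""

def norm_dn(dn):
    # Simplified match: case-insensitive, spaces around commas ignored.
    # Escaped commas inside RDN values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized DN: set of lowercase objectClass values}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        elif not raw.startswith("#"):     # skip LDIF comments
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        attr, _, value = (s.strip() for s in line.partition(":"))
        if not line.strip():
            dn = None                     # a blank line ends the entry
        elif attr.lower() in ("dn", "objectclass"):
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if attr.lower() == "dn":
                dn = norm_dn(value)
                entries[dn] = set()
            elif dn is not None:
                entries[dn].add(value.lower())
    return entries

def check_end_entities(ldif_text, expected_dns):
    entries, result = parse_ldif(ldif_text), {}
    for dn in expected_dns:
        classes = entries.get(norm_dn(dn))    # None means no entry at all
        result[dn] = ("missing" if classes is None
                      else "ok" if classes & CERT_CLASSES else "no-cert-class")
    return result
```

A result of "missing" or "no-cert-class" for a DN marks an end entity whose certificate could not be published as described in Step D.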
