Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual page 259


Table 5-3 Description of parameters defined in the LdapDNCompsMap module (Continued)

Parameter: dnComps

Description: Specifies where in the publishing directory the Certificate Manager should start searching for an LDAP entry that matches the CA's or the end entity's information (that is, the owner of the certificate).

The server uses the dnComps values to form an LDAP entry to begin a subtree search. The server gathers values for these attributes from the certificate subject name and uses the values to form an LDAP DN, which then determines where in the LDAP directory the server starts its search. For example, if you set dnComps to use the O and C attributes of the DN, the server starts the search from the O=<org>, C=<country> entry in the directory, where <org> and <country> are replaced with values from the DN in the certificate.

If you leave the dnComps field empty, the server checks the baseDN field and searches the directory tree specified by that DN for entries matching the filter specified by filterComps parameter values.

Permissible values: Valid DN components or attributes separated by commas.

Example: O,C

Parameter: filterComps

Description: Specifies components the Certificate Manager should use to filter entries from the search result. The server uses the filterComps values to form an LDAP search filter for the subtree. The server constructs the filter by gathering values for these attributes from the certificate subject name; it uses the filter to search for and match entries in the LDAP directory.

If the server finds one or more entries in the LDAP directory that match the information gathered from the certificate, the search is successful and the server optionally performs a verification. For example, if filterComps is set to use the email and user ID attributes (filterComps=e, uid), the server searches the directory for an entry whose values for email and user ID match the information gathered from the certificate.

Email addresses and user IDs are good filters because they are usually unique entries in the directory. Keep in mind that email is not always included in the certificate subject name. The filter needs to be specific enough to match one and only one entry in the LDAP database.

Permissible values: Valid directory attributes (in the certificate DN) separated by commas. The attribute names for the filters need to be attribute names from the certificate, not from ones in the LDAP directory. For example, most certificates have an E attribute for the user's email address; LDAP calls that attribute mail.

Example: UID
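
The following Python sketch is an added example, not part of the manual and not Certificate Management System code. It shows how dnComps and filterComps values taken from a certificate subject name become a search base and an LDAP filter, with the subject values escaped so they cannot change the filter structure. The function names, the sample subject name, the refusal to search when a component is missing, and every attribute mapping other than E to mail are assumptions.

```python
# Added illustration; not Certificate Management System code.
# Certificate attribute -> LDAP attribute. E -> mail comes from the manual;
# the remaining pairs are assumptions made for this example.
CERT_TO_LDAP = {"E": "mail", "UID": "uid", "CN": "cn", "OU": "ou", "O": "o", "C": "c"}

def parse_subject(subject):
    """Split a simple subject name (no escaped commas) into {ATTR: value}."""
    values = {}
    for rdn in subject.split(","):
        attr, _, value = rdn.strip().partition("=")
        values.setdefault(attr.strip().upper(), value.strip())  # first value wins
    return values

def escape_filter_value(value):
    """RFC 4515 escaping: subject values must not change the filter structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)

def escape_dn_value(value):
    """Backslash-escape the RFC 4514 special characters in a DN value."""
    out = "".join("\\" + ch if ch in ',+"\\<>;=' else ch for ch in value)
    return "\\" + out if out[:1] in ("#", " ") else out

def split_comps(comps):
    """Turn a comma-separated parameter value such as 'O,C' into ['O', 'C']."""
    return [c.strip().upper() for c in comps.split(",") if c.strip()]

def build_search(subject, dn_comps, filter_comps, base_dn=""):
    """Return (search base, search filter) as the parameter table describes."""
    values = parse_subject(subject)
    wanted_dn, wanted_filter = split_comps(dn_comps), split_comps(filter_comps)
    missing = [c for c in wanted_dn + wanted_filter if c not in values]
    if missing or not wanted_filter:
        # Assumption: refuse to search rather than search with a looser filter.
        raise ValueError("cannot build search, missing: " + (",".join(missing) or "filterComps"))
    # Empty dnComps: fall back to baseDN, as the manual states.
    base = ",".join("%s=%s" % (c, escape_dn_value(values[c])) for c in wanted_dn) or base_dn
    terms = ["(%s=%s)" % (CERT_TO_LDAP.get(c, c.lower()), escape_filter_value(values[c]))
             for c in wanted_filter]
    return base, terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"

def require_single(entries):
    """The filter must match one and only one entry; anything else is an error."""
    if len(entries) != 1:
        raise LookupError("expected exactly 1 matching entry, got %d" % len(entries))
    return entries[0]

# Constructed sample subject name.
SUBJECT = "UID=jdoe, E=jdoe@example.com, CN=J*(admin), O=Example Corp, C=US"
```

With filterComps set to CN, the constructed subject above shows why the escaping matters: the unescaped value would act as a wildcard and unbalance the filter's parentheses.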
LdapDNCompsMap Plug-in Module
Chapter 5
Mapper Plug-in Modules
259


This manual is also suitable for:

Certificate management system 6.01
