Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual page 567

Note that to define a new attribute in any of the HTML forms, all you need to do is
to add the following line to the corresponding HTML form:
<input type="HIDDEN" name="attribute_name" value="attribute_value">
Assuming that the new attribute you define for the organizational unit is
the line you would add to the enrollment form would be:
<input type="HIDDEN" name="orgunit" value="Sales">
To add this line to an enrollment form, you would:
Open the corresponding HTML file in a text editor.
1.
Locate the section that lists the HTTP input variables.
2.
Add this line:
3.
<input type="HIDDEN" name="orgunit" value="Sales">
Save your changes and close the file.
4.
For the server to use the attribute (to distinguish enrollment requests from users in
the Sales unit versus those in the Manufacturing unit) to issue certificates with the
appropriate validity periods, you must formulate your predicate expression with
the attribute you added. Here's how you do this:
Create a new instance of the
1.
implementation.
Enter the appropriate values for all the attributes.
2.
Assume you named the instance
period to 10 days, set the maximum validity period to 180 days, defined the
predicate expression as
HTTP_PARAMS.orgunit==Sales
applied to only client certificate requests from users in the organizational unit
named Sales.)
A sample of the resulting configuration entries in the CMS configuration file
would be as follows:
ca.Policy.rule.ValidityRule1.enable=true
ca.Policy.rule.ValidityRule1.implName=ValidityConstraints
ca.Policy.rule.ValidityRule1.maxValidity=180
ca.Policy.rule.ValidityRule1.minValidity=10
ca.Policy.rule.ValidityRule1.predicate=HTTP_PARAMS.certType==
client AND HTTP_PARAMS.orgunit==Sales
ValidityConstraints
ValidityRule1
HTTP_PARAMS.certType==client AND
. (This expression specifies that the policy be
Introduction to Policy
orgunit
policy plug-in
, set the minimum validity
Chapter 18 Setting Up Policies
,
567