Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 613

The second and subsequent lines in the named mapping match properties with
values. The
certmap.conf
be of use to you are explained below. For in depth detail about the
file, see Managing Servers with Netscape Console.
• —This is a list of comma-separated DN attribute tags used to
DNComps
determine where in the directory the server should start searching for directory
entries that match the Certificate Manager's information (that is, the owner of
the client certificate). The Directory Server gathers values for these tags from
the certificate presented by the Certificate Manager during client
authentication and uses the values to form an LDAP DN, which then
determines where the server starts its search in the directory. For example, if
you set
DNComps
( ) the server starts the search from the
DNComps=O,C
entry in the directory, where
from the values specified in the subject DN of the certificate presented for
client authentication.
If the
DNComps
entire LDAP tree for entries matching the filter.
If there isn't a
CmapLdapAttr
Manager's certificate.
The following component tags are supported for
and . Case is ignored. You can use
Mail
• —This is a list of comma-separated DN attribute tags used to
FilterComp
create a filter by gathering information from the subject DN in the certificate
presented during client authentication. Directory Server uses the values for
these tags to form the search criteria for matching entries in the directory. If
Directory Server finds one or more entries in the directory that match the
Certificate Manager's information gathered from the certificate, the search is
successful and the server optionally performs a verification. For example, if
is set to use the attribute tags
FilterComps
the server searches the directory for an entry whose values for
the Certificate Manager's information gathered from the client certificate.
Email addresses and user IDs are good filters because they are usually unique
entries in the directory.
Note that the filter needs to be specific enough to match only the Certificate
Manager's entry in the LDAP directory. The following component tags are
supported for
FilterComps
You can use or
E
Configuring a Certificate Manager to Publish Certificates and CRLs
file has six default properties, but the ones that should
to use the and
<O=org>
and
<org>
entry is present but has no value, the server searches the
entry in the mapping, the server uses either the
DNComps
setting (if present) or the entire subject DN in the Certificate
: , , ,
CN OU O
, but not both.
Mail
DN attribute tags
<C=country>
O=<org>
are replaced with values
<country>
:
DNComps CN
or , but not both.
E Mail
and (
E UID FilterComps=E,UID
, , , , and . Case is ignored.
C L ST E Mail
Chapter 19 Setting Up LDAP Publishing
certmap.conf
,
C=<country>
, , , , , , ,
OU O C L ST E
),
and match
E UID
613