Table of Contents
Advertisement
internaldb.ldapconn.port=<ldap_httpsport>
internaldb.ldapconn.secureConn=true
internaldb.ldapauth.clientCertNickname=Server-Cert
cert-<instance_name>
Go to the Directory Server console.
5.
Create an entry for the suffix which matches the subject DN of the CMS
6.
subsystem certificate for the subsystem using this internal database. For
example if your CA server certificate has a the subject name
c=jupiter.example.com,ou=marketing,o=example,l=mv,c=us then create a
suffix
o=example,l=mv,c=us
Go to Configuration Tab.
a.
Right click and select Data.
b.
Click on New Suffix and add the suffix
c.
Go to Directory tab and Right click "
7.
Add the entry created in Step 6 into the Configuration Administrators group.
8.
Click "set Access Control Permission" and then Click Add.
9.
Fill in the following information:
10.
ACIName. clientauth
Check all the rights in the Rights tab.
Click This Entry in the Targets tab.
Click OK.
11.
Restricting Access to the Internal Database
Netscape Console displays an entry or icon for the Directory Server instance that
CMS uses as its internal database. You can distinguish an internal database
instance from other Directory Server instances. It is in this form:
slapd-<cms_instance_id>-db
Unlike the CMS console, access to which is restricted to users with CMS
administrator privileges, the Directory Server console can be accessed by the person
who has privileges to access Netscape Console. That is, this person can open the
Directory Server console for the internal database and make changes to the data
stored there. For example, this person can make changes to the CMS administrators
group, such as deleting existing users and adding entries for self.
. To do this:
netscapeDirectoryServer
Chapter 7
The Internal Database
".
Administrative Basics
293
Advertisement
Table of Contents
