Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 759

For example:
CN=Example Corporation Certificate Authority, O=Example
Corporation, C=US
DN Patterns and Certificate Subject Names
You can configure Certificate Management System to issue certificates with subject
names that are formulated from the directory attributes and entry DN. The
configuration variable of the automated-enrollment modules enable
dnpattern
you to configure the server to issue certificates with required subject names. Note
that is a string representing a subject name pattern to formulate from
dnpattern
the directory attributes and entry DN. If empty or not set, Certificate Management
System uses the LDAP entry DN as the certificate subject name.
The configuration variable supports escaped commas and multiple
dnpattern
attribute variable assertions (AVAs) in a RDN. Below is the syntax for the DN
pattern followed by examples.
Syntax
dnPattern := rdnPattern *[ "," rdnPattern ]
rdnPattern := avaPattern *[ "+" avaPattern ]
avaPattern := name "=" value | name "=" "$attr" "." attrName [ "."
attrNumber ] | name "="
"$dn" "." attrName [ "." attrNumber ] | "$dn" "." "$rdn" "." number
Example 1
If the configured DN pattern is
E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
LDAP entry:
dn: UID=jdoe, OU=IS, OU=people, O=example.com
LDAP attributes:
LDAP attributes:
The subject name formulated will be as follows:
E=jdoe@example.com, CN=Jane Doe, OU=people, O=example.com, C=US
the first 'mail' LDAP attribute value in user's entry.
E=
the (first) '
CN= cn
the second '
OU= ou
the (first) ' ' value in the user's entry DN.
O= o
the string 'US'
C=
cn: Jane Doe
mail: jdoe@example.com
' LDAP attribute value in the user's entry.
' value in the user's entry DN.
DNs in Certificate Management System
Appendix I Distinguished Names 759