Subjectdirectoryattributesext - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

If you enable the default policy rule, the server automatically checks the certificate
request for attributes
and
HTTP_PARAMS.csrRequestorEmail
sets the attribute value in the extension and then adds the extension to certificates
specified by the
server does not add the subject alternative name extension to the certificate.

SubjectDirectoryAttributesExt

The
SubjectDirectoryAttributesExt
Subject Directory Attributes Extension to certificates. The extension is used to specify
any desired directory attribute values for the subject of the certificate.
For general information about this extension, see "subjectDirectoryAttributes" on
page 767.
The subject directory attributes extension policy in CMS allows you to include up
to three directory attributes in the extension. For each attribute that you want to
include in the extension, you need to specify the attribute name and its value—the
name must be the X.500 directory attribute name itself and the attribute value can
be derived from the request or directly entered in the policy configuration as a
string value.
The list of directory attributes supported by default are shown as permissible
values for the
on page 559. You can extend the list of attributes supported by the policy by
defining new X.500 directory attributes. For details on defining new attributes, see
"Extending Attribute Support" on page 786.
Note that, during installation, CMS does not create an instance of the subject
directory attributes extension policy. If you want the server to add this extension to
certificates, you must create an instance of the
module and configure it.
Table 11-40 SubjectDirectoryAttributesExt Configuration Parameters
Parameter
enable
predicate
AUTH_TOKEN.mail
parameter. If none of the attributes are in a request, the
predicate
attribute<n>.attributeName
Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to
disable.
Specifies the predicate expression for this rule. If you want this rule to be
applied to all certificate requests, leave the field blank (default). To form a
predicate expression, see "Using Predicates in Policy Rules," on page 483.
Extension-Specific Policy Module Reference
,
AUTH_TOKEN.mailalternateaddress
. If the server finds any of the attributes, it
plug-in module enables you to add the
parameter explained in Table 11-40
SubjectDirectoryAttributesExt
,
Chapter 11 Policies 559