LdapDNCompsMap Plug-in Module
Chapter 5 Mapper Plug-in Modules
dnComps

Specifies where in the publishing directory the Certificate Manager should start searching for an LDAP entry that matches the CA’s or the end entity’s information (that is, the owner of the certificate).

The server uses the dnComps values to form an LDAP entry to begin a subtree search. The server gathers values for these attributes from the certificate subject name and uses the values to form an LDAP DN, which then determines where in the LDAP directory the server starts its search. For example, if you set dnComps to use the O and C attributes of the DN, the server starts the search from the O=<org>, C=<country> entry in the directory, where <org> and <country> are replaced with values from the DN in the certificate.

If you leave the dnComps field empty, the server checks the baseDN field and searches the directory tree specified by that DN for entries matching the filter specified by filterComps parameter values.

Permissible values: Valid DN components or attributes separated by commas.

Example: O,C
filterComps

Specifies components the Certificate Manager should use to filter entries from the search result. The server uses the filterComps values to form an LDAP search filter for the subtree. The server constructs the filter by gathering values for these attributes from the certificate subject name; it uses the filter to search for and match entries in the LDAP directory.

If the server finds one or more entries in the LDAP directory that match the information gathered from the certificate, the search is successful and the server optionally performs a verification. For example, if filterComps is set to use the email and user ID attributes (filterComps=e,uid), the server searches the directory for an entry whose values for email and user ID match the information gathered from the certificate.

Email addresses and user IDs are good filters because they are usually unique entries in the directory. Keep in mind that email is not always included in the certificate subject name. The filter needs to be specific enough to match one and only one entry in the LDAP database.

Permissible values: Valid directory attributes (in the certificate DN) separated by commas. The attribute names for the filters need to be attribute names from the certificate, not from ones in the LDAP directory. For example, most certificates have an E attribute for the user’s email address; LDAP calls that attribute .

Example: UID
Table 5-3 Description of parameters defined in the LdapDNCompsMap module (Continued)
Columns: Parameter, Description
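
A sketch of the mapping described above, added here as an example and not taken from the Certificate Management System code: it builds the search base from dnComps (falling back to baseDN) and an escaped search filter from filterComps. The function names, the E-to-mail attribute mapping, the sample subject name, and the choice to raise an error when a listed attribute is missing are assumptions of this example.

```python
# Added illustration; not Certificate Management System source code.
# Assumption: the certificate attribute E maps to the LDAP attribute "mail".
CERT_TO_LDAP = {"E": "mail"}

def parse_subject(subject):
    """Split a simple subject DN into (ATTR, value) pairs.
    Handles constructed inputs only: no escaped commas or multi-valued RDNs."""
    pairs = []
    for rdn in subject.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def split_comps(comps):
    """Turn a comma-separated parameter value such as 'O,C' into ['O', 'C']."""
    return [c.strip().upper() for c in comps.split(",") if c.strip()]

def escape_filter(value):
    """RFC 4515 escaping, so a subject value cannot change the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def build_search(subject, dn_comps, filter_comps, base_dn):
    """Return (search_base, ldap_filter) for one certificate subject name."""
    values = {}
    for attr, value in parse_subject(subject):
        values.setdefault(attr, value)  # first occurrence wins in this sketch

    def need(comp):
        if comp not in values:
            # Sketch's choice: refuse rather than search with a looser base or filter.
            raise ValueError("subject name has no %s attribute" % comp)
        return values[comp]

    dn_list = split_comps(dn_comps)
    # Empty dnComps: fall back to baseDN, as the parameter description says.
    base = ", ".join("%s=%s" % (c, need(c)) for c in dn_list) if dn_list else base_dn
    terms = ["(%s=%s)" % (CERT_TO_LDAP.get(c, c.lower()), escape_filter(need(c)))
             for c in split_comps(filter_comps)]
    if not terms:
        # Sketch's choice: an empty AND filter would match every entry.
        raise ValueError("filterComps is empty")
    ldap_filter = terms[0] if len(terms) == 1 else "(&%s)" % "".join(terms)
    return base, ldap_filter

# Constructed subject name, for illustration only.
SUBJECT = "UID=jdoe, E=jdoe@example.com, CN=J*n (test), O=Example Corp, C=US"
```

The escaping step matters because the filter values come from the certificate subject name: left unescaped, a value such as the constructed CN above would act as a wildcard and unbalance the filter, so the search could match more than the one entry the mapper needs.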
Summary of Contents for Certificate Management System 6.0
Page 1: Plug-Ins Guide, Netscape Certificate Management System, Version 6.0, March 2002