Class MapDNPattern
dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
The syntax is
dnPattern := rdnPattern *[ "," rdnPattern ] rdnPattern := avaPattern *[ "+" avaPattern ] avaPattern := name "=" value | name "=" "$subj" "." attrName [ "." attrNumber ] | name "=" "$req" "." attrName [ "." attrNumber ] | "$rdn" "." number
Example1: cn=Certificate Manager,ou=people,o=mcom.com cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com request attributes: uid: cmanagerIf an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.The dn formulated will be :
CN=Certificate Manager, OU=people, O=mcom.comnote: Subordinate ca enrollment will use ca mapper. Use predicate to distinguish the ca itself and the subordinates. Example2: UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com request attributes: uid: cmanager
The dn formulated will be :
UID=jjames, OU=IS, OU=people, O=mcom.comUID = the 'uid' attribute value in the request.
OU = the 'ou' value in the cert subject name.
O = the string people, mcom.com.
- Version:
- $Revision$, $Date$
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionMapDNPattern
(String pattern) Construct a DN pattern by parsing a pattern string. -
Method Summary
-
Field Details
-
logger
public static org.slf4j.Logger logger -
mReqAttrs
-
mCertAttrs
-
mRDNPatterns
protected com.netscape.cms.publish.mappers.MapRDNPattern[] mRDNPatterns -
mPatternString
-
mTestDN
-
-
Constructor Details
-
MapDNPattern
Construct a DN pattern by parsing a pattern string.- Parameters:
pattern
- the DN pattern- Throws:
EBaseException
- If parsing error occurs.ELdapException
-
MapDNPattern
- Throws:
ELdapException
-
-
Method Details
-
formDN
public String formDN(Request req, org.mozilla.jss.netscape.security.x509.X500Name subject, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext) throws ELdapException Form a Ldap v3 DN string from a request and a cert subject name.- Parameters:
req
- the request for (un)publishsubject
- the subjectDN of the certificate- Returns:
- Ldap v3 DN string to use for base ldap search.
- Throws:
ELdapException
-
getReqAttrs
-
getCertAttrs
-