Class MapDNPattern

java.lang.Object
com.netscape.cms.publish.mappers.MapDNPattern

public class MapDNPattern extends Object
Class for parsing a DN pattern used to construct an LDAP DN from request attributes and the certificate subject name.

dnpattern is a string representing an LDAP DN pattern to formulate from the certificate subject name attributes and request attributes. If empty or not set, the certificate subject name will be used as the LDAP DN.

The syntax is

        dnPattern  := rdnPattern *[ "," rdnPattern ]
        rdnPattern := avaPattern *[ "+" avaPattern ]
        avaPattern := name "=" value |
                      name "=" "$subj" "." attrName [ "." attrNumber ] |
                      name "=" "$req" "." attrName [ "." attrNumber ] |
                      "$rdn" "." number
 
 Example1: cn=Certificate Manager,ou=people,o=mcom.com
 cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
 request attributes: uid: cmanager
 

The dn formulated will be :
CN=Certificate Manager, OU=people, O=mcom.com

Note: Subordinate CA enrollment will use the CA mapper. Use a predicate to distinguish the CA itself from its subordinates.

 Example2: UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com
 cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
 request attributes: uid: cmanager

The dn formulated will be :
UID=jjames, OU=IS, OU=people, O=mcom.com

UID = the 'uid' attribute value in the request.
OU = the 'ou' value in the cert subject name.
O = the string people, mcom.com.

If a request attribute or subject DN component does not exist, the attribute is skipped. There is a potential risk that the certificate will be mapped to the wrong DN.
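The skip behaviour described above can be checked before a pattern is deployed. The following is an added example, not code from this class or project: a simplified stand-alone model of the dnPattern grammar that reports which references were skipped. It assumes attributes arrive as plain maps, treats everything after `$req.` as the lookup key, ignores `attrNumber`, `$rdn` and escaped separators, and uses a constructed pattern modelled on Example2.

```java
import java.util.*;

// Added illustration: a simplified model of the dnPattern grammar, not the MapDNPattern source.
public class DnPatternCheck {
    // The DN that would be formed, plus every reference that resolved to nothing.
    record Result(String dn, List<String> skipped) {}

    static Result resolve(String pattern, Map<String, String> subj, Map<String, String> req) {
        List<String> rdns = new ArrayList<>();
        List<String> skipped = new ArrayList<>();
        for (String rdnPattern : pattern.split(",")) {       // dnPattern := rdnPattern *[ "," rdnPattern ]
            List<String> avas = new ArrayList<>();
            for (String ava : rdnPattern.split("\\+")) {     // rdnPattern := avaPattern *[ "+" avaPattern ]
                int eq = ava.indexOf('=');
                if (eq < 0) continue;                        // "$rdn.number" and empty components: out of scope
                String name = ava.substring(0, eq).trim();
                String value = ava.substring(eq + 1).trim();
                String resolved = value;                     // literal value unless it is a reference
                if (value.startsWith("$subj.")) {
                    resolved = subj.get(value.substring(6).toLowerCase());
                } else if (value.startsWith("$req.")) {
                    resolved = req.get(value.substring(5));
                }
                if (resolved == null) {
                    skipped.add(value);                      // missing attribute: the AVA is dropped
                } else {
                    avas.add(name + "=" + resolved);
                }
            }
            if (!avas.isEmpty()) rdns.add(String.join("+", avas));
        }
        return new Result(String.join(", ", rdns), skipped);
    }

    public static void main(String[] args) {
        String pattern = "UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, O=mcom.com";
        Map<String, String> subj = Map.of("ou", "IS");                   // constructed sample values
        Map<String, String> withUid = Map.of("HTTP_PARAMS.uid", "jjames");
        Map<String, String> withoutUid = Map.of();                       // request carries no uid

        for (Map<String, String> req : List.of(withUid, withoutUid)) {
            Result r = resolve(pattern, subj, req);
            System.out.println("DN: " + r.dn() + "  skipped: " + r.skipped());
            if (!r.skipped().isEmpty())
                System.out.println("  -> do not publish: the DN no longer names the intended entry");
        }
    }
}
```

With the uid missing, the leading RDN disappears and the remaining DN names a parent container rather than a user entry, which is the mis-mapping the note warns about.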
  • Field Details

    • logger

      public static org.slf4j.Logger logger
    • mReqAttrs

      protected String[] mReqAttrs
    • mCertAttrs

      protected String[] mCertAttrs
    • mRDNPatterns

      protected com.netscape.cms.publish.mappers.MapRDNPattern[] mRDNPatterns
    • mPatternString

      protected String mPatternString
    • mTestDN

      protected String mTestDN
  • Constructor Details

  • Method Details

    • formDN

      public String formDN(Request req, org.mozilla.jss.netscape.security.x509.X500Name subject, org.mozilla.jss.netscape.security.x509.CertificateExtensions ext) throws ELdapException
      Form an LDAP v3 DN string from a request and a cert subject name.
      Parameters:
      req - the request for (un)publish
      subject - the subjectDN of the certificate
      Returns:
      LDAP v3 DN string to use for the base LDAP search.
      Throws:
      ELdapException
    • getReqAttrs

      public String[] getReqAttrs()
    • getCertAttrs

      public String[] getCertAttrs()