389-ds-base/lib/ldaputil/certmap.conf

#
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details. 
# END COPYRIGHT BLOCK
#
#
# This file configures how a certificate is mapped to an LDAP entry.  See the
# documentation for more information on this file.
#
# The format of this file is as follows:
#	certmap <name> <issuerDN>
#	<name>:<prop1> [<val1>]
#	<name>:<prop2> [<val2>]
#
# Notes:
#
# 1.  Mapping can be defined per issuer of a certificate.  If mapping doesn't
#     exists for a particular 'issuerDN' then the server uses the default
#     mapping. 
#
# 2.  There must be an entry for <name>=default and issuerDN "default".
#     This mapping is the default mapping.
#
# 3.  '#' can be used to comment out a line.
#
# 4.  DNComps & FilterComps are used to form the base DN and filter resp. for 
#     performing an LDAP search while mapping the cert to a user entry.
#
# 5.  DNComps can be one of the following:
#	commented out - take the user's DN from the cert as is
#	empty         - search the entire LDAP tree (DN == suffix)
#	attr names    - a comma separated list of attributes to form DN
#
# 6.  FilterComps can be one of the following:
#	commented out - set the filter to "objectclass=*"
#	empty         - set the filter to "objectclass=*"
#	attr names    - a comma separated list of attributes to form the filter
#

certmap default		default
#default:DNComps
#default:FilterComps	e, uid
#default:verifycert	on
#default:CmapLdapAttr	certSubjectDN
#default:library	<path_to_shared_lib_or_dll>
#default:InitFn		<Init function's name>