

memberCertificateDescription
Origin
Netscape Directory Server

Definition
A multivalued attribute. Each value is a description, a pattern, or a filter matching the subject DN of a certificate (usually certificates used for SSL client authentication).

memberCertificateDescription matches any certificate whose subject DN contains the same AVAs (attribute value assertions) as the description. The description may contain multiple "ou=" AVAs. A matching DN must contain those same "ou=" AVAs, in the same order, although it may contain other AVAs (including other "ou=" AVAs) interspersed.

For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored. A matching DN must contain that same AVA, but no other AVA of the same type nearer the root (later, syntactically).

AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single SP).

In order to be considered a member of a group with the following memberCertificateDescription, a certificate would need to include ou=x, ou=A, and o=airius but not o=company.

memberCertificateDescription: {ou=x, ou=A, o=company, o=airius}

In order to match the group's requirements, a certificate's subject DN must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.
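The matching rules in the Definition above, written out as an added Python example (not Netscape's code). It assumes a simplified DN parser that splits on commas and does not handle escaped commas, quoting or multi-valued RDNs; `parse_avas`, `cert_matches` and the sample DNs are names and values constructed for illustration.

```python
import re

def parse_avas(text):
    """Split 'type=value, type=value' into normalized (type, value) pairs.

    Assumption: no escaped commas, quoting or multi-valued RDNs.
    """
    avas = []
    for part in text.strip().strip("{}").split(","):
        if not part.strip():
            continue
        attr, _, value = part.partition("=")
        # Case-insensitive type and value; trim and collapse whitespace.
        value = re.sub(r"\s+", " ", value.strip()).lower()
        avas.append((attr.strip().lower(), value))
    return avas

def cert_matches(description, subject_dn):
    """Return True if subject_dn satisfies one memberCertificateDescription value."""
    desc, dn = parse_avas(description), parse_avas(subject_dn)

    # ou AVAs: must appear in the DN in the same order; others may be interspersed.
    dn_ous = iter(v for t, v in dn if t == "ou")
    for want in (v for t, v in desc if t == "ou"):
        if want not in dn_ous:  # 'in' consumes the iterator: subsequence test
            return False

    # Other types: only the last AVA of each type in the description counts...
    last_in_desc = {t: v for t, v in desc if t != "ou"}
    # ...and it must equal the AVA of that type nearest the root (last) in the DN.
    last_in_dn = {t: v for t, v in dn if t != "ou"}
    return all(last_in_dn.get(t) == v for t, v in last_in_desc.items())

# Description from the page; subject DNs below are constructed samples.
DESCRIPTION = "{ou=x, ou=A, o=company, o=airius}"
SAMPLES = [
    "cn=Jane Doe, ou=x, ou=A, o=airius",              # match
    "cn=Jane Doe, OU=X, ou=eng, ou=a, O= Airius ",    # match: case, spacing, extra ou
    "cn=Jane Doe, ou=A, ou=x, o=airius",              # ou order differs
    "cn=Jane Doe, ou=x, ou=A, o=company",             # o=company is ignored in description
    "cn=Jane Doe, ou=x, ou=A, o=airius, o=company",   # another o= nearer the root
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(cert_matches(DESCRIPTION, dn), dn)
```

Because earlier non-ou AVAs in a description are silently ignored, running candidate descriptions through a check like this before granting a group access shows which subject DNs the value actually admits.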

Syntax
ces

OID
2.16.840.1.113730.3.1.199



© Copyright 1999 Netscape Communications Corporation