This example represents a certmap.conf file with only one “default” mapping:
certmap default defaultdefault:DNComps ou, o, cdefault:FilterComps e, uiddefault:verifycert on
Using this example, the server starts its search at the LDAP branch point containing the entry ou=<orgunit>, o=<org>, c=<country> where the text within <> is replaced with the values from the subject’s DN in the client certificate.
The server then uses the values for email address and userid from the certificate to search for a match in the LDAP directory. When it finds an entry, the server verifies the certificate by comparing the one the client sent to the one stored in the directory.