memberCertificateDescription

- Sun ONE defined attribute type

Synopsis

( 2.16.840.1.113730.3.1.199
 NAME 'memberCertificateDescription'
 DESC 'Sun ONE defined attribute type'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
 X-ORIGIN 'Sun ONE Directory Server' )

Description

A multi-valued attribute, for which each value is a description, a pattern, or a filter matching the subject DN of a certificate (usually certificates used for SSL client authentication).

memberCertificateDescription matches any certificate that contains a subject DN with the same AVAs as the description. The description may contain multiple ou= AVAs. A matching DN must contain those same ou= AVAs, in the same order, although it may contain other AVAs (including other ou= AVAs) interspersed. For any other attribute type (not ou), there should be at most one AVA of that type in the description. If there are several, all but the last are ignored.

A matching DN must contain that same AVA, but no other AVA of the same type nearer the root (later, syntactically).

AVAs are considered the same if they contain the same attribute description (case-insensitive comparison) and the same attribute value (case-insensitive comparison, leading and trailing whitespace ignored, and consecutive whitespace characters treated as a single SP).

In order to be considered a member of a group with the following memberCertificateDescription, a certificate would need to include ou=x, ou=A, and o=example, but not o=company.

SYNTAX

IA5 String, multi-valued.

Examples

memberCertificateDescription: {ou=x, ou=A, o=company, o=example}

In order to match the group's requirements, a certificate's subject DNs must contain the same ou attribute types in the same order as defined in the memberCertificateDescription attribute.

Attributes

See attributes(5) for descriptions of the following attributes: