public class DNPattern
extends java.lang.Object
dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry DN. If empty or not set, the LDAP entry DN will be used as the certificate subject name.
The syntax is

    dnPattern := rdnPattern *[ "," rdnPattern ]
    rdnPattern := avaPattern *[ "+" avaPattern ]
    avaPattern := name "=" value |
                  name "=" "$attr" "." attrName [ "." attrNumber ] |
                  name "=" "$dn" "." attrName [ "." attrNumber ] |
                  "$dn" "." "$rdn" "." number

Example1: E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
Ldap attributes: cn: Jesse James
Ldap attributes: mail: jjames@acme.org

The subject name formulated will be:
E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US

E = the first 'mail' ldap attribute value in user's entry.
CN = the (first) 'cn' ldap attribute value in the user's entry.
OU = the second 'ou' value in the user's entry DN.
O = the (first) 'o' value in the user's entry DN.
C = the string "US"

Example2: E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US
Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
Ldap attributes: cn: Jesse James
Ldap attributes: mail: jjames@acme.org

The subject name formulated will be:
E=jjames@acme.org, CN=Jesse James, OU=people, O=acme.org, C=US

E = the first 'mail' ldap attribute value in user's entry.
CN = the (first) 'cn' ldap attribute value in the user's entry.
OU = the second 'ou' value in the user's entry DN. Note multiple AVAs in a RDN in this example.
O = the (first) 'o' value in the user's entry DN.
C = the string "US"

Example3: CN=$attr.cn, $rdn.2, O=$dn.o, C=US
Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
Ldap attributes: cn: Jesse James
Ldap attributes: mail: jjames@acme.org

If an attribute or subject DN component does not exist the attribute is skipped.

The subject name formulated will be:
CN=Jesse James, OU=IS+OU=people, O=acme.org, C=US

CN = the (first) 'cn' ldap attribute value in the user's entry.
followed by the second RDN in the user's entry DN.
O = the (first) 'o' value in the user's entry DN.
C = the string "US"

Example4: CN=$attr.cn, OU=$dn.ou.2+OU=$dn.ou.1, O=$dn.o, C=US
Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
Ldap attributes: cn: Jesse James
Ldap attributes: mail: jjames@acme.org

The subject name formulated will be:
CN=Jesse James, OU=people+OU=IS, O=acme.org, C=US

CN = the (first) 'cn' ldap attribute value in the user's entry.
OU = the second 'ou' value in the user's entry DN followed by the first 'ou' value in the user's entry. Note multiple AVAs in a RDN in this example.
O = the (first) 'o' value in the user's entry DN.
C = the string "US"
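
The resolution rules shown in Examples 1 to 4, as an added Python model that is not the DNPattern source. The names `parse_dn`, `nth` and `form_dn` are hypothetical; it assumes DN values and literals contain no escaped `,`, `+` or `=`, matches names case-insensitively, and accepts the RDN reference both as the grammar's `$dn.$rdn.N` and as Example3's `$rdn.N`.

```python
import re

def parse_dn(dn):
    """Split a DN into RDNs, each a list of (name, value) AVAs.
    Assumption: well-formed input, no escaped separators inside values."""
    return [[tuple(p.strip() for p in ava.split("=", 1)) for ava in rdn.split("+")]
            for rdn in dn.split(",")]

def nth(values, number):
    """1-based lookup (default 1); None when the component does not exist."""
    i = int(number or 1)
    return values[i - 1] if 1 <= i <= len(values) else None

def form_dn(pattern, entry_dn, attrs):
    """Resolve a dnpattern against an entry DN and its attributes (name -> list)."""
    rdns = parse_dn(entry_dn)
    attrs = {k.lower(): v for k, v in attrs.items()}
    subject = []
    for rdn_pat in pattern.split(","):
        avas = []
        for ava in (a.strip() for a in rdn_pat.split("+")):
            m = re.fullmatch(r"(?:\$dn\.)?\$rdn\.(\d+)", ava)
            if m:  # copy a whole RDN of the entry DN, all of its AVAs included
                avas += [f"{n}={v}" for n, v in nth(rdns, m.group(1)) or []]
                continue
            name, value = (p.strip() for p in ava.split("=", 1))
            m = re.fullmatch(r"\$(attr|dn)\.([^.]+)(?:\.(\d+))?", value)
            if m and m.group(1) == "attr":  # nth value of a directory attribute
                value = nth(attrs.get(m.group(2).lower(), []), m.group(3))
            elif m:  # nth value of that name, counted across every AVA of the DN
                found = [v for rdn in rdns for n, v in rdn
                         if n.lower() == m.group(2).lower()]
                value = nth(found, m.group(3))
            if value is not None:  # a missing attribute or DN component is skipped
                avas.append(f"{name}={value}")
        if avas:  # an RDN whose AVAs were all skipped is left out
            subject.append("+".join(avas))
    return ", ".join(subject)

# Sample entry from the page's Example3
ENTRY_DN = "UID=jjames, OU=IS+OU=people, O=acme.org"
ATTRS = {"cn": ["Jesse James"], "mail": ["jjames@acme.org"]}

if __name__ == "__main__":
    print(form_dn("CN=$attr.cn, $rdn.2, O=$dn.o, C=US", ENTRY_DN, ATTRS))
```

Running a pattern against an entry that lacks one of the referenced attributes shows which subject components silently drop out, which is worth checking before a pattern is used for issuance.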

Modifier and Type | Field and Description |
---|---|
protected java.lang.String | mPatternString |
protected com.netscape.cms.authentication.RDNPattern[] | mRDNPatterns |
protected java.lang.String | mTestDN |

Constructor and Description |
---|
DNPattern(java.io.PushbackReader in) |
DNPattern(java.lang.String pattern) Construct a DN pattern by parsing a pattern string. |

Modifier and Type | Method and Description |
---|---|
java.lang.String | formDN(netscape.ldap.LDAPEntry entry) Form a Ldap v3 DN string from results of a ldap search. |
java.lang.String[] | getLdapAttrs() |

protected com.netscape.cms.authentication.RDNPattern[] mRDNPatterns
protected java.lang.String mPatternString
protected java.lang.String mTestDN

public DNPattern(java.lang.String pattern) throws EAuthException
Parameters: pattern - the DN pattern
Throws: EBaseException - If parsing error occurs.
Throws: EAuthException

public DNPattern(java.io.PushbackReader in) throws EAuthException
Throws: EAuthException

public java.lang.String formDN(netscape.ldap.LDAPEntry entry) throws EAuthException
Parameters: entry - LDAPentry from a ldap search
Throws: EAuthException

public java.lang.String[] getLdapAttrs()