112
Netscape Directory Server Schema Reference • October 2004
member
Definition
Identifies the distinguished names for each member of the group.
For example:
member: cn=John Doe, o=example.com
This attribute is defined in RFC 2256.
Syntax
DN, multi-valued.
OID
2.5.4.31
memberCertificateDescription
Definition
This attribute is a multivalued attribute where each value is a description, a
pattern, or a filter matching the subject DN of a certificate (usually certificates
used for SSL client authentication).
memberCertificateDescription
matches any certificate that contains a subject
DN with the same AVAs as the description. The description may contain multiple
"
ou
=" AVAs. A matching DN must contain those same "
ou
=" AVAs, in the same
order, although it may contain other AVAs (including other "
ou
=" AVAs)
interspersed. For any other attribute type (not
ou
), there should be at most one
AVA of that type in the description. If there are several, all but the last are
ignored.
A matching DN must contain that same AVA but no other AVA of the same type
nearer the root (later, syntactically).
AVAs are considered the same if they contain the same attribute description
(case-insensitive comparison) and the same attribute value (case-insensitive
comparison, leading and trailing whitespace ignored, and consecutive whitespace
characters treated as a single SP).
In order to be considered a member of a group with the following
memberCertificateDescription
, a certificate would need to include
ou
=x,
ou
=A, and
o
=example, but not
o
=company.
Summary of Contents for NETSCAPE DIRECTORY SERVER 7.0
Page 1: ...Schema Reference Netscape Directory Server Version7 0 October 2004 ...
Page 10: ...10 Netscape Directory Server Schema Reference October 2004 ...
Page 24: ...Schema Checking 24 Netscape Directory Server Schema Reference October 2004 ...
Page 140: ...140 Netscape Directory Server Schema Reference October 2004 ...
Page 178: ...178 Netscape Directory Server Schema Reference October 2004 ...