freeipa/install/share/certmap.conf.template

#
# This file configures how a certificate is mapped to an LDAP entry.  See the
# documentation for more information on this file.
#
# The format of this file is as follows:
#	certmap <name> <issuerDN>
#	<name>:<prop1> [<val1>]
#	<name>:<prop2> [<val2>]
#
# Notes:
#
# 1.  Mapping can be defined per issuer of a certificate.  If mapping doesn't
#     exists for a particular 'issuerDN' then the server uses the default
#     mapping. 
#
# 2.  There must be an entry for <name>=default and issuerDN "default".
#     This mapping is the default mapping.
#
# 3.  '#' can be used to comment out a line.
#
# 4.  DNComps & FilterComps are used to form the base DN and filter resp. for 
#     performing an LDAP search while mapping the cert to a user entry.
#
# 5.  DNComps can be one of the following:
#	commented out - take the user's DN from the cert as is
#	empty         - search the entire LDAP tree (DN == suffix)
#	attr names    - a comma separated list of attributes to form DN
#
# 6.  FilterComps can be one of the following:
#	commented out - set the filter to "objectclass=*"
#	empty         - set the filter to "objectclass=*"
#	attr names    - a comma separated list of attributes to form the filter
#

certmap default         default
#default:DNComps
#default:FilterComps    e, uid
#default:verifycert     on
#default:CmapLdapAttr   certSubjectDN
#default:library        <path_to_shared_lib_or_dll>
#default:InitFn         <Init function's name>
default:DNComps
default:FilterComps     uid
certmap ipaca           CN=Certificate Authority,$SUBJECT_BASE
ipaca:CmapLdapAttr      seeAlso
ipaca:verifycert        on