LDAP Attribute Mapping
LDAP address list configuration relies on attribute mapping to manage settings, such as name and email address, on generated certificates. When configuring the attribute fields, you will need to specify the name of the LDAP attribute that the field should reference. For example, you might enter an LDAP attribute of mail into the Email field, instead of manually entering an email address. The attribute you enter into the fields can be any of those configured in your LDAP server.
For a number of optional LDAP attribute mapping fields, you can leave the fields blank and specify a default in the Certificate Details panel on the Trust Center Configuration page. These defaults will be used for any certificate
A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. attributes for which the LDAP address list mapping returns an empty value.
Configure a Trust Center to reference LDAP address lists
|
As described in the Required information when configuring the Trust Center section, information you need to provide may vary, depending on the product type you have with SwissSign. |
-
Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.
-
In the LDAP Address Lists panel, click
Add. The Add LDAP Address List dialog is displayed. -
In the Address List section, select an LDAP address list from the drop-down menu. Alternatively, create a new list.
-
In the LDAP Attribute Mapping section, specify the following fields.
Email
Common Name
Given Name
Surname
Pseudonym
Company
Department
State
Country
Required information
Note that the following are intended as general information only and subject to change.
Silver account Gold account Gold account using pseudonym Email Enter
mailEnter
mailEnter mailCommon Name Leave empty Enter cnEnter LDAP equivalent* (see note) Given Name Leave empty Enter givenNameLeave empty Surname Leave empty Enter snLeave empty Pseudonym Leave empty Leave empty Enter cnCompany Leave empty Leave empty Leave empty Department Leave empty Leave empty Leave empty State Leave empty Leave empty Leave empty Country Enter cEnter cEnter c*LDAP equivalent
You may need to adjust your source data for the mapping. For example, in AD, if the Description field under the General tab of the user object's Properties dialog is set to
pseudo: Account Team, you can then enterdescriptionin the Common Name field of the LDAP Attribute Mapping in the -
Click Add.
-
Apply the configuration.
Edit, remove, copy, enable or disable an LDAP address list settings
|
These actions are to modify the settings of an LDAP address list for the Trust Center usage. To modify fundamental configurations of the LDAP address list (e.g. server details), navigate to Policy > Policy References > Email Addresses. |
-
Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.
-
In the LDAP Address Lists panel, select the list.
-
Click the action you require:
Edit
Remove
Copy
Enable
DisableIf you wish to temporarily stop the
-
Modify the setting and save or confirm the action.
-
Apply the configuration.
|
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use |