Manualshelf

HP-UX Directory Server 8.1 schema reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
31323334353637383940
MultivaluedMulti- or Single-Valued
RFC 2256Defined in
2.74 memberCertificateDescription
This attribute is a multivalued attribute where each value is a description, a pattern, or a filter
matching the subject DN of a certificate, usually a certificate used for SSL client authentication.
memberCertificateDescription matches any certificate that contains a subject DN with
the same attribute-value assertions (AVAs) as the description. The description may contain
multiple ou AVAs. A matching DN must contain those same ou AVAs, in the same order,
although it may be interspersed with other AVAs, including other ou AVAs. For any other
attribute type (not ou), there should be at most one AVA of that type in the description. If there
are several, all but the last are ignored.
A matching DN must contain that same AVA but no other AVA of the same type nearer the root
(later, syntactically).
AVAs are considered the same if they contain the same attribute description (case-insensitive
comparison) and the same attribute value (case-insensitive comparison, leading and trailing
whitespace ignored, and consecutive whitespace characters treated as a single space).
To be considered a member of a group with the following memberCertificateDescription
value, a certificate needs to include ou=x, ou=A, and dc=example, but not dc=company.
memberCertificateDescription: {ou=x, ou=A, dc=company, dc=example}
To match the group's requirements, a certificate's subject DNs must contain the same ou attribute
types in the same order as defined in the memberCertificateDescription attribute.
2.16.840.1.113730.3.1.199OID
IA5StringSyntax
MultivaluedMulti- or Single-Valued
Directory ServerDefined in
2.75 memberOf
This attribute contains the name of a group to which the user is a member.
memberOf is the default attribute generated by the MemberOf Plug-in on the user entry of a
group member. This attribute is automatically synchronized to the listed member attributes in
a group entry, so that displaying group membership for entries is managed by Directory Server.
NOTE:
This attribute is only synchronized between group entries and the corresponding members' user
entries if the MemberOf Plug-in is enabled and is configured to use this attribute.
1.2.840.113556.1.2.102OID
DNSyntax
MultivaluedMulti- or Single-Valued
Netscape Delegated AdministratorDefined in
2.74 memberCertificateDescription 33