Using Client Authentication204 Managing Servers with Netscape Console • December 2001organizational unit specified in the subject DN and searches for email addresses (e)that match the one specified in the certificate. If the certificate is from MyCA, theserver verifies the certificate. If the certificate is from another CA, the server doesnot verify it.Example of a Mapping with an Attribute SearchThis example uses the CmapLdapAttr property to search the directory for anattribute called certSubjectDN whose value exactly matches the entire subject DNin the client certificate:certmap MyCo ou=My Company Inc, o=MyCo, c=USMyCo:CmapLdapAttr certSubjectDNMyCo:DNComps o, cMyCo:FilterComps mail, uidMyCo:verifycert onIf the subject DN in the client certificate is uid=Henry Jones Junior, o=exampleInc, c=US, then the server searches for entries that havecertSubjectDN=uid=Henry Jones Junior, o=example Inc, c=US.If one or more matching entries are found, the server proceeds to verify the entries.If no matching entries are found, the server uses DNComps and FilterComps tosearch for matching entries. For the client certificate described above, the serverwould search for uid=Henry Jones Junior in all entries under o=example Inc,c=US.Using Client Authentication Between ServersIf both servers support it, you can use client authentication when establishing aconnection from one Netscape server to another. Typically, you use this feature toauthenticate an instance of Administration Server to another Netscape serverinstance. In these cases, the instance of Administration Server acts as the client.The following procedure tells you how to set up client authentication between aNetscape server and an instance of Administration Server.