LdapSubjAttrMap Plug-in Module266 Netscape Certificate Management System Plug-ins Guide • October 2001LdapSubjAttrMap Plug-in ModuleThe LdapSubjAttrMap plug-in module implements the subject attribute mapper.This mapper enables you to configure a Certificate Manager to map a certificate toan LDAP directory entry by using the LDAP attribute named certSubjectDN.Note that for you to be able to use this mapper, your directory entries must includethe certSubjectDN attribute.This mapper requires you to specify the exact pattern of the subject DN because theCertificate Manager searches the directory for the certSubjectDN attribute whosevalue exactly matches the entire subject DN specified in the mapper configuration.For example, assume the certificate subject name is this:UID=jdoe, O=Siroe Corporation, C=USWhen searching the directory for the entry, the Certificate Manager first searchesfor entries that have these attributes in commoncertSubjectDN=UID=jdoe, O=Siroe Corporation, C=USand then narrows down the search to an entry that has only this:certSubjectDN=UID=jdoe, O=Siroe Corporation, C=USIf no matching entries are found, the server returns an error and writes it to the log;see section “Monitoring CMS Logs” in Chapter 23, “Managing CMS Logs” of CMSInstallation and Setup Guide.Configuration Parameters of LdapSubjAttrMapIn the configuration file, the LdapSubjAttrMap module is identified asca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.certsrv.ldap.LdapCertSubjMap.In the CMS window, the module is identified as LdapSubjAttrMap. Figure 5-7shows how configurable parameters for the module are displayed in the CMSwindow.