DNs in Certificate Management System750 Netscape Certificate Management System Administrator’s Guide • February 2003Typically, an LDAP search consists of the following components:• The base DN—for example, O=example.com, C=US, which initiates a subtreesearch through all entries below this entry in the directory (in other words, allentries with the suffix O=example.com, C=US).• The search type, which can be a base search (only the entry specified by thebase DN is searched), a one-level search (only entries one level below the baseentry are searched), or a subtree search (all entries at all levels below the baseentry are searched).• The search filter, which specifies the search criteria applied to each entrywithin the scope of the search.When Certificate Management System is configured for LDAP publishing, thesearch point and search criteria are determined by the configuration parametervalues. In the absence of a base DN value, Certificate Management System uses DNcomponents in the certificate’s subject name to construct the base DN so that it cansearch the directory in order to publish to or update the appropriate directoryentry.Typically, when you configure Certificate Management System for LDAPpublishing, you set the base DN value to Directory Manager, so that it can use thepublishing directory’s root entry to start searching; see section “Configuring aCertificate Manager to Publish Certificates and CRLs” in Chapter 19, “Setting UpLDAP Publishing” of CMS Administrator’s Guide.DNs in Certificate Management SystemIn Certificate Management System, the characters allowed in a DN are based on thecomponents (attributes) as defined in the X.509 standard.Table I-2 lists the attributes supported by default and their character sets.Explanation of the character sets are in Table I-3. The set of attributes is extensible.Table I-2 Allowed characters for value typesAttribute Value type Object identifierCN Directory String 2.5.4.3OU Directory String 2.5.4.11O Directory String 2.5.4.10
