Syntax:
userid source=source-setting
Parameters:
|
source-setting
|
If this is set to
registration , certificate registration files are used to map certificates to
Enterprise Server user IDs. If it is set to
cn , the common name attribute of the certificate's Subject Distinguished Name is extracted and used as the user ID (or user
"long name" if name mapping is enabled with the map CN option). If it is set to
cn fallback , a registration is used if one exists; otherwise the certificate subject CN is used.
|
Properties:
| Default:
|
registration
|
| Values:
|
registration,
cn,
cn fallback
|
Comments:
This setting determines how the DCAS listener determines what Enterprise Server user ID is returned for a successful Format 1 request. The default is to look for a certificate mapping file for the certificate, and get the user ID from that; this was the behavior of earlier versions of the DCAS connector.
The cn and cn fallback options let DCAS get the user ID from the certificate itself, specifically from the CN component of the certificate's Subject Distinguished Name, possibly after passing it through ESF name mapping. If the certificate does not have a CN in its Subject name, the request is rejected.
Using the certificate as the user ID source can be useful if you wish to avoid provisioning certificate mappings.