For LDAP, there are two ways to indicate the CRLDistURIn value. Choose either of the following two methods:
- Specify the protocol and the domain name (and the port, if needed). The value for CRLDistURIn can be specified with or without a trailing slash.
  Example: CRLDistURI1=ldap://ldap.bankxyz.com:389/
- Specify the keyword LdapServern to have PKI Services build the CRLDistURIn value for you based on a server identified by the Servern or BindProfilen directives in the LDAP section of pkiserv.conf.
  Example: CRLDistURI3=LdapServer1
  This example assumes that the first server specified in the LDAP section was similarly defined as one of the following examples:
  Examples: Server1=ldap.bankxyz.com:389
  or
  BindProfile1=LOCALPKI.BINDINFO.LDAP1
Rules for using the LdapServern keyword:
- You must have specified a value greater than zero for NumServers in the LDAP section of pkiserv.conf.
- Each server represented by the n value in the LdapServern keyword must be identified in one of the following ways:
  - The corresponding LDAP server must be identified by a Servern or BindProfilen value in the LDAP section of pkiserv.conf, or
  - The corresponding LDAP server must be identified in the default FACILITY class profile IRR.PROXY.DEFAULTS and must follow the same identification requirements for PKI Services LDAP processing. See Using encrypted passwords for LDAP servers.
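The rules above can be checked before a configuration change is deployed. The following is an added example, not part of the product documentation or PKI Services itself: a small checker that flags CRLDistURIn=LdapServern values with no matching Servern or BindProfilen. The bracketed section headers, the [CertPolicy] section name, "#" comment lines, the sample file and the function names are assumptions made for illustration.

```python
import re

# Constructed sample. The [Section] header syntax, the [CertPolicy] section
# name and "#" comment lines are assumptions, not taken from the page.
SAMPLE_CONF = """\
[CertPolicy]
CRLDistURI1=ldap://ldap.bankxyz.com:389/
CRLDistURI2=LdapServer2
CRLDistURI3=LdapServer1

[LDAP]
NumServers=1
Server1=ldap.bankxyz.com:389
"""

def parse_conf(text):
    """Return {section: {key: value}} for key=value lines (hypothetical helper)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1), {})
        elif "=" in line and not line.startswith("#") and section is not None:
            key, value = line.split("=", 1)
            section[key.strip()] = value.strip()
    return conf

def check_ldapserver_refs(text):
    """List (directive, problem) for CRLDistURIn=LdapServern values that break the rules."""
    conf = parse_conf(text)
    ldap = conf.get("LDAP", {})
    num = ldap.get("NumServers", "")
    num_servers = int(num) if num.isdigit() else 0
    findings = []
    for keys in conf.values():
        for key, value in keys.items():
            ref = re.fullmatch(r"LdapServer(\d+)", value)
            if not (ref and re.fullmatch(r"CRLDistURI\d+", key)):
                continue
            n = ref.group(1)
            if num_servers <= 0:
                findings.append((key, "NumServers is not greater than zero"))
            elif f"Server{n}" not in ldap and f"BindProfile{n}" not in ldap:
                # Not provably wrong: the server may come from IRR.PROXY.DEFAULTS.
                findings.append((key, f"no Server{n}/BindProfile{n}; check IRR.PROXY.DEFAULTS"))
    return findings

if __name__ == "__main__":
    for directive, problem in check_ldapserver_refs(SAMPLE_CONF):
        print(f"{directive}: {problem}")
```

A finding of the second kind is a prompt to confirm that the IRR.PROXY.DEFAULTS profile identifies the server, since that cannot be determined from pkiserv.conf alone.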