Specifying an LDAP URI
For LDAP, there are two ways to indicate the CRLDistURIn value. Choose either of the following
two methods:
- Specify the protocol and the domain name (and the port, if needed).
The value for CRLDistURIn can be specified with or without a trailing slash. Example:
CRLDistURI1=ldap://ldap.bankxyz.com:389/
- Specify the keyword LdapServern to have PKI Services build the CRLDistURIn value for you based on a server identified by the Servern or BindProfilen directives in the LDAP section of pkiserv.conf. Example:
CRLDistURI3=LdapServer1
This example assumes that the first server specified in the LDAP section was defined similarly to one of the following examples:
Server1=ldap.bankxyz.com:389
or
BindProfile1=LOCALPKI.BINDINFO.LDAP1
Rules for using the LdapServern keyword:
- You must have specified a value greater than zero for NumServers in the LDAP section of pkiserv.conf.
- Each server represented by the n value in the LdapServern keyword must be identified in one of the following ways:
  - The corresponding LDAP server must be identified by a Servern or BindProfilen value in the LDAP section of pkiserv.conf, or
  - The corresponding LDAP server must be identified in the default FACILITY class profile IRR.PROXY.DEFAULTS and must follow the same identification requirements for PKI Services LDAP processing. See Using encrypted passwords for LDAP servers.