Use the TTLSGskLdapParms statement to define a set of LDAP parameters to be used for Certificate Revocation List (CRL) checking for an AT-TLS environment action. A TTLSGskLdapParms statement can be specified inline in a TTLSEnvironmentAction statement or referenced by a TTLSEnvironmentAction statement.
>>-TTLSGskLdapParms--+------+--| Put Braces and Parameters on Separate Lines |-><
                     '-name-'

Put Braces and Parameters on Separate Lines

|--+-{-------------------------------+--------------------------|
   +-| TTLSGskLdapParms Parameters |-+
   '-}-------------------------------'

TTLSGskLdapParms Parameters

   .---------------------------.
   V                           |
|------GSK_LDAP_SERVER value---+-------------------------------->

>--+--------------------------------------------+--------------->
   '-GSK_LDAP_USER value-GSK_LDAP_USER_PW value-'

>--+----------------------------+------------------------------->
   '-GSK_LDAP_SERVER_PORT value-'

>--+-----------------------------+------------------------------>
   '-GSK_CRL_CACHE_TIMEOUT value-'

>--+------------------------------------+-----------------------|
   '-GSK_CRL_SECURITY_LEVEL--+-Low----+-'
                             +-Medium-+
                             '-High---'
Rule: If this TTLSGskLdapParms statement is not specified inline within another statement, a name value must be provided. If a name is not specified for an inline TTLSGskLdapParms statement, a nonpersistent system name is created.
GSK_LDAP_USER cn=cert #label
value used: cn=cert #label
Restriction: When the value contains embedded blanks, you must specify the entire value within the first 1 536 characters of the configuration file line.
Tip: The located CRLs are cached according to the GSK_CRL_CACHE_TIMEOUT parameter setting of the SSL environment.
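A small linter for the rules that the syntax diagram and the Rule above express, added here as an example and not IBM's code. The function name, the statement name `crlLdap`, the host name and the sample values are assumptions, as are treating the port and timeout values as decimal integers and comparing the security level without regard to case.

```python
# Parameter names and the Low/Medium/High choices come from the syntax diagram.
KNOWN = {"GSK_LDAP_SERVER", "GSK_LDAP_USER", "GSK_LDAP_USER_PW",
         "GSK_LDAP_SERVER_PORT", "GSK_CRL_CACHE_TIMEOUT", "GSK_CRL_SECURITY_LEVEL"}
LEVELS = {"low", "medium", "high"}  # assumption: compared without regard to case

def lint_ldap_parms(text, inline=False):
    """Return a list of findings for one TTLSGskLdapParms statement."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = lines[0].split() if lines else []
    if not head or head[0] != "TTLSGskLdapParms" or len(head) > 2:
        return ["first line is not a TTLSGskLdapParms statement"]
    findings, parms = [], {}
    if not inline and len(head) == 1:
        findings.append("a name is required when the statement is not inline")
    if len(lines) < 3 or lines[1] != "{" or lines[-1] != "}":
        return findings + ["braces and parameters must be on separate lines"]
    for line in lines[2:-1]:
        # The value runs to the end of the line, as in "cn=cert #label".
        key, value = (line.split(None, 1) + [""])[:2]
        if key not in KNOWN:
            findings.append(f"unknown parameter {key}")
        elif not value:
            findings.append(f"{key} has no value")
        else:
            parms[key] = value
    if "GSK_LDAP_SERVER" not in parms:
        findings.append("GSK_LDAP_SERVER is required")
    if ("GSK_LDAP_USER" in parms) != ("GSK_LDAP_USER_PW" in parms):
        findings.append("GSK_LDAP_USER and GSK_LDAP_USER_PW must be specified together")
    for key in ("GSK_LDAP_SERVER_PORT", "GSK_CRL_CACHE_TIMEOUT"):
        if key in parms and not parms[key].isdigit():  # assumption: decimal integer
            findings.append(f"{key} must be a number")
    level = parms.get("GSK_CRL_SECURITY_LEVEL")
    if level is not None and level.lower() not in LEVELS:
        findings.append("GSK_CRL_SECURITY_LEVEL must be Low, Medium or High")
    return findings

# Constructed sample statements (name, host, DN and password are made up).
GOOD = """TTLSGskLdapParms crlLdap
{
  GSK_LDAP_SERVER ldap.example.com
  GSK_LDAP_USER cn=cert #label
  GSK_LDAP_USER_PW placeholder
  GSK_CRL_SECURITY_LEVEL High
}"""
# Same statement with the name and password removed and an invalid level.
BAD = GOOD.replace(" crlLdap", "").replace("  GSK_LDAP_USER_PW placeholder\n", "") \
          .replace("High", "Strict")
```

`lint_ldap_parms(GOOD)` returns an empty list; `lint_ldap_parms(BAD)` reports the missing name, the unpaired GSK_LDAP_USER and the invalid security level.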