Certificate Provider (Conf)



In this section, the administrator can create new certificate providers. To add a new provider, click on New Provider, enter the name of the provider, then press the Save Changes button.

To fill in fields in an easier and quicker way, press the Preset button, and from the arrow icon on the right, select one provider (LDAP or Active Directory).

The certificate provider is used by the BPM mail node on the Web admin console to enable S/MIME encryption.

To edit an existing provider, select the checkbox next to the provider and then click Edit.

To delete an existing provider, select the provider and press the Trash button, then press Confirm.

Note

The Connection settings should match the company domain. The Attribute Mapping values represent the default configuration and should be changed only if the LDAP schema has been changed or the user is searching for another field.

Connection

This part contains settings to connect to the provider.

  • URL: the address of the provider.

  • User DN: the user who performs queries on the provider.

  • Password: the password of the user specified in User DN.

  • Confirm Password: the same password as entered in the Password field above.

  • Authentication Type: authentication mechanism used by the LDAP protocol. Possible values are SIMPLE or GSSAPI.

  • Realm (only GSSAPI): the GSSAPI/Kerberos authentication realm.

  • Kerberos KDC (only GSSAPI): the KDC (Key Distribution Center) for GSSAPI/Kerberos. Usually the Domain Controller.

  • Base path: the starting path used to build the search path for queries.

  • Connection timeout: the time in milliseconds after which a connection attempt is aborted and the server is deemed unreachable.

  • Read timeout: the timeout of the query.

  • Dereference aliases: it specifies how aliases are dereferenced. For further details, refer to the Aliases and Dereferencing Aliases appendix.

  • Context pooled: it enables the provider to use an already existing connection for users.

Note

Protect special characters in LDAP/AD query strings. For further details, refer to Special Characters.
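
The note above asks for special characters to be protected in LDAP/AD query strings. The Python code below is an added example, not part of the product or its documentation: it escapes a search term as defined in RFC 4515 before placing it in a search filter, and checks the configured attribute names. The attribute names givenName and sn, the function names and the sample inputs are assumptions; the product's own rules are those described in its Special Characters appendix.

```python
import re

# Characters that RFC 4515 requires to be escaped inside a filter value.
_FILTER_SPECIALS = "\0()*\\"

# Attribute description: a name, optionally followed by ;options
# (for example userCertificate;binary).
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*$")


def escape_filter_value(value: str) -> str:
    """Replace each special character with a backslash and its two hex digits."""
    out = []
    for ch in value:
        if ch in _FILTER_SPECIALS:
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_name_filter(term: str, first_attr: str = "givenName",
                      last_attr: str = "sn") -> str:
    """Build a filter matching the term against first OR last name.

    first_attr and last_attr are assumed attribute names; use the ones
    configured for the directory in question.
    """
    term = term.strip()
    if not term:
        raise ValueError("empty search term")
    for attr in (first_attr, last_attr):
        if not _ATTR_RE.match(attr):
            raise ValueError("invalid attribute name: %r" % attr)
    safe = escape_filter_value(term)
    return "(|(%s=%s)(%s=%s))" % (first_attr, safe, last_attr, safe)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Rossi", "O'Brien (ext)", "Smith*"):
        print(sample, "->", build_name_filter(sample))
```

Without the escaping step, the parentheses and asterisk in the last two samples would be read as filter syntax instead of as part of the name.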

Attribute Mapping

  • Username attribute: the attribute that holds the user's username.

  • Email attribute: the attribute that holds the user's email.

  • Certificate attribute: the attribute that holds the user's certificate.

To save, press the Save Changes button and then Back.

Testing

Using the test feature, users can perform a search against the certificate provider. To perform a test, click the Test button.

Fill in the Search field (first name or last name, do NOT enter the username) and click on Test.

If the search is successful, the corresponding information is displayed.

Note

An error message usually indicates a misconfiguration in the Connection INFO section. Review these settings first.

Note

After configuration changes are made, restart the Genius Server.