Directories
The directories to be used to provide user certificates are defined in the directories section of the .json file, which is divided into several sub-sections: ldap and pgp.
For more information on configuring this feature, refer to the section Configuring corporate directories in the Administration guide.
ldap section
LDAP directories are configured in the Idap section described in the table below. In the SDMC administration console, the equivalent parameters are found in Policies > Directories > LDAP.
| Parameter | Type Description | Prescribed values | SDMC |
|---|---|---|---|
| addWildcardSuffix InFilter |
Indicates whether search criteria must have the suffix "*". |
true, false |
Suffix search criteria by "*" |
| addWildcardPrefix InFilter |
Indicates whether search criteria must have the prefix "*" |
true, false |
N/A |
| addUserCertificate BinaryFilter |
Indicates whether "usercertificate;binary=*" must be added to the search filter to return only LDAP entities that have a certificate. |
true, false |
N/A |
| ldapAddressBookList | List of unique IDs in LDAP directories accessible to users. You will find the IDs in the list of LDAP directories in the ldapData section of the .json file. |
List of unique |
Add from library |
| automaticUpdate |
Optional. Indicates how to manage updates of the trusted address book and its certificates. Automatic updates are applied only if all parameters are fulfilled.
|
Update the directory automatically | |
| downloadCrlsUponVerification: Indicates whether the CRL must be downloaded when verifying the certificate. |
true, false |
N/A | |
| onPeriodicHours: Frequency with which updates are performed (in hours). | Positive integer between 1 and 24 | Update frequency | |
| onUserConnection: indicates whether the update begins when the user logs in. | true, false | Start the directory update when the user connects to the SDS account | |
| updateValidCertificatesWithNewerOnes: Indicates whether valid certificates must be updated with more recent certificates. | true, false |
Update certificates saved in the trusted directory with most recent certificates from an LDAP directory | |
|
updateOnlyFromCAs: Optional. List of unique IDs of authorities from which updates are to be applied. You will find the IDs in the list of authorities in the certificateData section of the .json file. If this field is empty, all authorities will be taken into account. |
List of character strings, each of which corresponds to the “id” field of an object in the “certificateData” list of the policy. | N/A | |
| expiredCertificates: Indicates how to manage the deletion of expired certificates. | Deletion of expired certificates | ||
| updateWithNewerOnes: Indicates whether they must be updated with more recent certificates. This criterion is based on the list provided by the parameter "updateOnlyFromCAs". |
true, false |
Update expired certificates
|
|
| removeFromLocalDirectory: Indicates whether the certificate must be removed from the local directory. |
true, false |
Delete automatically | |
| removeOnlyFromCAs: Optional. List of unique IDs of authorities from which deletion will be applied. You will find the IDs in the list of authorities in the certificateData section of the .json file. If this field is empty, all authorities will be taken into account. |
List of character strings, each of which corresponds to the “id” field of an object in the “certificateData” list of the policy. |
Selection of CAs that issue certificates to be deleted automatically when they expire | |
| revokedCertificates: Indicates how to manage the deletion of expired certificates. | Deletion of certificates revoked | ||
| updateWithNewerOnes: Indicates whether they must be updated with more recent certificates. This criterion is based on the list provided by the parameter "updateOnlyFromCAs". |
true, false |
Update revoked certificates |
|
| removeFromLocalDirectory: Indicates whether the certificate must be removed from the local directory. |
true, false |
Delete automatically | |
| removeOnlyFromCAs: Optional. List of unique IDs of authorities from which deletion will be applied. You will find the IDs in the list of authorities in the certificateData section of the .json file. If this field is empty, all authorities will be taken into account. |
List of character strings, each of which corresponds to the “id” field of an object in the “certificateData” list of the policy. |
Selection of CAs issuing certificates to delete automatically when they are revoked | |
| missingCertificates: Indicates how to manage the deletion of absent certificates. The parameters are the same as those for "expiredCertificates" (see above). | Deletion of certificates removed from the LDAP directory | ||
| updateWithNewerOnes: Indicates whether they must be updated with more recent certificates. This criterion is based on the list provided by the parameter "updateOnlyFromCAs". |
true, false |
Update missing certificates when searching for coworkers
|
|
| removeFromLocalDirectory: Indicates whether the certificate must be removed from the local directory. |
true, false |
Delete automatically | |
| removeOnlyFromCAs: Optional. List of unique IDs of authorities from which deletion will be applied. You will find the IDs in the list of authorities in the certificateData section of the .json file. If this field is empty, all authorities will be taken into account. |
List of strings |
Selection of CAs issuing certificates to delete automatically when they are removed from the LDAP directory | |
pgp section
Files included in decryption lists are automatically decrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the directories.pgp section of the .json file.
| Parameter | Type Description | SDMC | |
|---|---|---|---|
| wkdServers |
Parametric URLs to servers hosting public keys that can be accessed by the WKD (Web Key Directory) schema. They must be in the following form, the sections in bold being kept as is:
|
List of strings |
WKD servers |