The syntax of the 'cert_filter' certificate filter is not valid. The correct syntax is: LDAP attribute=${Client certificate attribute} (for example, uid=${SubjectCN}).
Explanation
The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute} (for example, uid=${SubjectCN}).
The left side of the filter specification is an LDAP attribute that depends on the schema that your LDAP server is configured to use.
The right side of the filter specification is one of the public attributes in your client certificate. The right side must begin with a dollar sign ($) and an open brace ({) and end with a close brace (}).
You can use the following certificate attribute values on the right side of the filter specification.
The strings are case sensitive:
${UniqueKey}
${PublicKey}
${Issuer}
${NotAfter}
${NotBefore}
${SerialNumber}
${SigAlgName}
${SigAlgOID}
${SigAlgParams}
${SubjectCN}
${Version}
Programmer response
Ensure that the certificate filter follows the syntax.