[jira] [Commented] (DIRKRB-303) Discuss and possibly define Ldap schema for Kerby KDC

Thu, 18 Jun 2015 03:29:44 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591610#comment-14591610
 ] 

Kai Zheng commented on DIRKRB-303:
----------------------------------

Please note, AFAIK, we're having two pluggable modules for the LDAP backend 
support, the one for ApacheDS server which accepts {{DirectoryService}} 
instance which is well prepared by ApacheDS server including the schema stuff, 
in this case the schema in effective should be compatible with the existing one 
used in ApacheDS. So once Kerby is released and ready, ApacheDS can be updated 
to use Kerby seamlessly. The other one is for any popular LDAP server that 
accesses the LDAP server via network connection thru the LDAP client API 
provided by ApacheDS, in this case the schema in effective should be provided 
by Kerby and provisioned by user. 

For the two cases, two question are: 
1) Is it possible to use the same schema? I guess so, in most cases we can 
update the schema in much sync-ed sense with ApacheDS's concern; 
2) Based on the same schema, could we have different real implementations in 
Java codes for the backend? As discussed above, for some operational 
attributes, it may be populated automatically in ApacheDS, but in other LDAP 
server, it may be not.

> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
>                 Key: DIRKRB-303
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-303
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good 
> to discuss and possibly define an LDAP schema for Kerby KDC based on the one 
> present in ApacheDS ({{krb5kdc}}). This particularly works for the long term, 
> as for now only a few identity attributes are supported in Kerby, some time 
> later we'll need to enhance and support much more ones that's likely not 
> existing in the ApacheDS's schema krb5kdc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to