[jira] [Comment Edited] (DIRKRB-303) Discuss and possibly define Ldap schema for Kerby KDC

Thu, 18 Jun 2015 03:30:14 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591611#comment-14591611
 ] 

Xu Yaning edited comment on DIRKRB-303 at 6/18/15 10:29 AM:
------------------------------------------------------------

Hi [~drankye],
For a ldap schema, the content contains several files. The following describes 
the attributes it contains
version: 1
dn: m-oid=1.3.6.1.4.1.5322.10.2.2,ou=objectClasses,cn=krb5kdc,ou=schema
m-must: krb5KeyVersionNumber
m-oid: 1.3.6.1.4.1.5322.10.2.2
m-obsolete: FALSE
m-supobjectclass: krb5Principal
objectclass: metaObjectClass
objectclass: metaTop
objectclass: top
m-name: krb5KDCEntry
m-typeobjectclass: AUXILIARY
creatorsname: uid=admin,ou=system
m-may: krb5ValidStart
m-may: krb5ValidEnd
m-may: krb5PasswordEnd
m-may: krb5MaxLife
m-may: krb5MaxRenew
m-may: krb5KDCFlags
m-may: krb5EncryptionType
m-may: krb5Key
m-may: krb5AccountDisabled
m-may: krb5AccountLockedOut
m-may: krb5AccountExpirationTime



was (Author: yaningxu):
Hi [~drankye],
For a ldap schema, the content contains several files. The following describes 
the attributes it contains
{{version: 1
dn: m-oid=1.3.6.1.4.1.5322.10.2.2,ou=objectClasses,cn=krb5kdc,ou=schema
m-must: krb5KeyVersionNumber
m-oid: 1.3.6.1.4.1.5322.10.2.2
m-obsolete: FALSE
m-supobjectclass: krb5Principal
objectclass: metaObjectClass
objectclass: metaTop
objectclass: top
m-name: krb5KDCEntry
m-typeobjectclass: AUXILIARY
creatorsname: uid=admin,ou=system
m-may: krb5ValidStart
m-may: krb5ValidEnd
m-may: krb5PasswordEnd
m-may: krb5MaxLife
m-may: krb5MaxRenew
m-may: krb5KDCFlags
m-may: krb5EncryptionType
m-may: krb5Key
m-may: krb5AccountDisabled
m-may: krb5AccountLockedOut
m-may: krb5AccountExpirationTime
}}

> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
>                 Key: DIRKRB-303
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-303
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good 
> to discuss and possibly define an LDAP schema for Kerby KDC based on the one 
> present in ApacheDS ({{krb5kdc}}). This particularly works for the long term, 
> as for now only a few identity attributes are supported in Kerby, some time 
> later we'll need to enhance and support much more ones that's likely not 
> existing in the ApacheDS's schema krb5kdc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to