[
https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591638#comment-14591638
]
Kai Zheng commented on DIRKRB-303:
----------------------------------
Kiran,
As I said before, for the current time being I agree it's the best option to
rely on the schema existing in ApacheDS.
bq. any updates to this schema will be checked into the ApacheDS code base that
way it gets tested for free in the LDAP server and one less thing to worry
about.
I'm not sure about this, because: 1) this incurs a dep that Kerby will rely on
ApacheDS for this schema stuff, but on the other hand, ApacheDS will rely on
Kerby to use the KDC. Avoiding the new dep will ensure the two projects can be
released more flexibly. 2) For any new functionality to be added by Kerby
related to the LDAP support, the necessary change would be made directly in
Kerby side, well tested and released, then sync-ed into ApacheDS. This will
make the development much easier because new contributors don't have to look at
two projects. For the good test facilities available in ApacheDS, I thought we
could port them to Kerby side or come up similar ones to ensure the necessary
tests are covered.
> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
> Key: DIRKRB-303
> URL: https://issues.apache.org/jira/browse/DIRKRB-303
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good
> to discuss and possibly define an LDAP schema for Kerby KDC based on the one
> present in ApacheDS ({{krb5kdc}}). This particularly works for the long term,
> as for now only a few identity attributes are supported in Kerby, some time
> later we'll need to enhance and support much more ones that's likely not
> existing in the ApacheDS's schema krb5kdc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
