> There are additional attributes for the ou=People. > > At the moment we're still using NIS and AFS on our linux systems. I want > the LDAP to provide a NIS replacement and authenticate via AFS and/or > KRB5 so I can gradually move our systems to KRB5. AFS, KRB5 and LDAP > will be provisioned from an identity management system in the near > future and I'm trying to provide the infrastructure for our systems. >
Do yourself a big favor and put kerberos entities in ou=Accounts. There is not a one to one relationship between accounts and people and you will make your life much easier in the future if you clearly make the split now. If you are going to use your ldap server only for a NIS replacement, then you might get by with just one ou. But that really limits where you can go in the future. - Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
