
Re: LDAP layouts for Heimdal

Quoting Norbert Klasen <norbert+lists.heimdal-discuss@burgundy.dyndns.org>:

> --On Sunday, 9 November 2003 05:21 +0800 Chris Hamilton
> <chris@ambigc.com> wrote:
> > Well there is my problem then.  I am using the schema at
> > http://www.padl.com/~lukeh/XAD/hdb.schema
> > on 2.1.22 ldap with BDB backend.  I can add things to a person object.
> > However after I add krb5Principal to the entry, inetOrgPerson can not be
> > added.  I just tested sambaSamAccount and it adds afterwards, so does
> > krb5KDCEntry.  So what is specifically conflicting in this case between
> > krb5Principal and inetOrgPerson(organizationalPerson more specifically)?
> > I don't see how, but I am new to this.
> Are you trying to add inetOrgPerson to the objectClass attribute of an
> existing entry? This is not allowed in LDAP as it would change the
> structural objectclass of the entry. You can add krb5KDCEntry and
> krb5Principal because they are AUXILIARY object classes. However,
> inetOrgPerson is STRUCTURAL.

Thank you for replying.  I thought I had successfully tested person adding
inetOrgPerson, but I see it doesn't work now as well.  So it seems the only real
solution is to make hdb-ldap.c add inetOrgPerson.  I will be adding this to the
distributed version for ROCK Linux which I have packaged.  This assumes my
original thought that Kerberos data and the actual user entry [sh,c]ould be
stored together.  Which if anyone wants to tell me I am wrong please do so.

> Norbert

Mail by Ambiguous Computer Computer Ltd. an open source company.
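
The rule discussed in this thread (AUXILIARY classes can be added to an existing entry, a class that changes the entry's structural object class cannot) as an added example; it is not part of the original messages and is not Heimdal or OpenLDAP code. The `SCHEMA` table is a simplified, constructed model, and the function names are hypothetical.

```python
# Simplified, constructed model of the object classes named in the thread:
# name -> (kind, superior). Kinds for the krb5* classes follow the reply above;
# the rest are assumptions based on the standard core/inetOrgPerson/Samba schemas.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "krb5Principal": ("AUXILIARY", "top"),
    "krb5KDCEntry": ("AUXILIARY", "krb5Principal"),
    "sambaSamAccount": ("AUXILIARY", "top"),
}
_CANON = {name.lower(): name for name in SCHEMA}  # class names are case-insensitive


def chain(name):
    """Return the class followed by all of its superiors, most derived first."""
    out = []
    while name is not None:
        out.append(name)
        name = SCHEMA[name][1]
    return out


def structural_class(object_classes):
    """Most derived STRUCTURAL class of an entry (hypothetical helper)."""
    names = [_CANON[c.lower()] for c in object_classes]  # KeyError: class not modelled
    structural = [n for n in names if SCHEMA[n][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("entry has no structural object class")
    best = max(structural, key=lambda n: len(chain(n)))
    if any(n not in chain(best) for n in structural):
        raise ValueError("structural classes are not in one inheritance chain")
    return best


def check_add(existing, new_class):
    """Return (allowed, reason) for adding new_class to an existing entry."""
    before = structural_class(existing)
    after = structural_class(list(existing) + [new_class])
    if after != before:
        return False, f"structural object class would change from {before} to {after}"
    return True, f"structural object class stays {before}"


if __name__ == "__main__":
    entry = ["top", "person", "krb5Principal"]  # constructed sample entry
    for cls in ("krb5KDCEntry", "sambaSamAccount", "inetOrgPerson"):
        print(cls, check_add(entry, cls))
```

An entry created with inetOrgPerson as its structural class from the start passes the same check when the krb5 auxiliary classes are added afterwards.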