Re: OpenLDAP schema for Heimdal

[Howard Chu <hyc@highlandsun.com>]

Howard Chu wrote:
> Love Hörnquist Åstrand wrote:
> 
>> Hi Ilia
>>
>>
>>> where can I download OpenLDAP schema for Heimdal ?
>>
>>
>>
>> In current heimdal its included in `lib/hdb/hdb.schema'. I also 
>> thought it
>> was included with OpenLDAP.
> 
> 
> The schema is still hiding in OpenLDAP's CVS but it was withdrawn from 
> the public distribution.
> 
>> This should a a correct version: 
>> http://www.padl.com/~lukeh/XAD/hdb.schema
> 
> 
> The version on that link is defective, you need to add
>     EQUALITY generalizedTimeMatch
> matching rules to the krb5ValidStart, krb5ValidEnd, and krb5PasswordEnd 
> definitions. (You cannot use the generalizedTimeOrderingMatch ORDERING 
> matching rule without also defining the correct EQUALITY matching rule.)

I should say, without *first* defining the EQUALITY rule.

e.g.:

attributetype ( 1.3.6.1.4.1.5322.10.1.7
         NAME 'krb5ValidStart'
         EQUALITY generalizedTimeMatch
         ORDERING generalizedTimeOrderingMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
         SINGLE-VALUE )

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.       Director, Highland Sun
   http://www.symas.com               http://highlandsun.com/hyc
   Symas: Premier OpenSource Development and Support