ldap backend - krbPrincipalName substring search
Paul B. Henson
henson at acm.org
Mon Apr 6 18:09:14 EDT 2015
> From: Michael Ströder
> Sent: Monday, April 06, 2015 6:47 AM
>
> 1. Make sure to be aware of this schema declaration bug:
> http://krbdev.mit.edu/rt/Ticket/Display.html?id=8150
Hmm, looks like Greg just replied to that bug? What is the expected failure?
Would the index be ignored and entries be found, but at the cost of a full
scan? Or would the index be invalid and result in the entries not being
found at all?
> 2. OpenLDAP's "not indexed" messages do not mean that you should enable
> indexing without first analyzing the search request sent.
Understood; part of my analysis is figuring out what Kerberos functionality
might avail of that index :).
Thanks
More information about the Kerberos
mailing list