Purpose of the kerberos.ldif file
Greg Hudson
ghudson at mit.edu
Mon Jul 13 13:21:00 EDT 2015
On 07/12/2015 06:17 AM, Yann Soubeyrand wrote:
> Indeed, this file cannot be added to OpenLDAP as is and must be
> converted to the online configuration format. My question is: what is
> the purpose of this file? Was it written for OpenLDAP or for another
> LDAP server? Should I convert this file and ask for the converted file
> to be integrated in the MIT Kerberos sources?

I believe it was written for another LDAP server, but I don't know which
one. It was included in the contribution from Novell.

We could probably benefit from an LDIF file using the OpenLDAP online
configuration format, coupled with better documentation on setting up
the LDAP KDB module using modern versions of OpenLDAP. Unfortunately, I
believe such a file would only be useful for initial setup, not for
upgrades. OpenLDAP's position is that published schemas should never be
modified, even just to add new optional attributes:

http://www.openldap.org/lists/openldap-technical/201207/msg00209.html

but our historical practice has been to extend the schema with new
optional attributes. I'm not sure what the upgrade story would be like
if we created a new schema each time we needed to add a new attribute.