concerns with ldap plugin and 1.5
Will Fiveash
William.Fiveash at sun.com
Mon Jun 5 17:38:25 EDT 2006
On Sat, Jun 03, 2006 at 05:28:19PM -0500, Will Fiveash wrote:
> On Sat, Jun 03, 2006 at 02:18:49PM -0400, Sam Hartman wrote:
> > >>>>> "Rahul" == Rahul Srinivas <srahul at novell.com> writes:
> >
> > Rahul> Hi, Principals are created by default under the realm's
> > Rahul> subtree (the 'subtree' argument to 'kdb5_ldap_util create')
> > Rahul> as service principals. This can be overridden by one of
> > Rahul> the following database specific options in 'kadmin'
> > Rahul> 1. userdn=<user_dn> : Specifies the user object with which
> > Rahul> the Kerberos user principal is to be associated.
> > Rahul> 2. containerdn=<container_dn> : Specifies the container
> > Rahul> object under which the Kerberos service principal is to be
> > Rahul> created.
> >
> > OK, so if kdb5_util were made to have a clean enough interface so that
> > it didn't assume db2 and you tried loading a dump, it would work, you
> > would just get an ugly directory structure resulting.
>
> That was my expectation.

To elaborate, I was expecting that I could do a kdb5_util load and it
would recreate the KDB under the ldap_kerberos_container_dn. I
understand that the problem becomes harder if one has krbPrincipalAux
attributes associated with non-krb structural classes like user or host.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krbdev mailing list