LDAP schema questions

Andrew Bartlett abartlet at samba.org
Sat Jun 10 17:37:56 EDT 2006


On Sat, 2006-06-10 at 17:32 -0400, Jeffrey Altman wrote:
> Sam Hartman wrote:
> >>>>>> "Jeffrey" == Jeffrey Altman <jaltman at columbia.edu> writes:
> > 
> >     Jeffrey> All of these principals must be associated with my user
> >     Jeffrey> account since their usage specifies actions performed by
> >     Jeffrey> me.
> > 
> > 
> > Sure, but it seems that perhaps one principal could live in the user
> > object and the rest could be linked to the user object.
> > 
> > 
> > --Sam
> 
> You could but why?  That means that I can't search all principal objects
> to obtain a list of all principals.  Instead I must search all
> principals and all users.  Seems a bit odd to me.

I don't see why a search of all principals would not show both.  One of
the advantages of LDAP is the ability to add extra objectClasses to an
entry. 

Both would have some kind of krb5Principal objectClass (presumably
auxiliary), but some would also be 'account' or 'person'.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
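The point Andrew makes above, as an added example that is not part of the thread: an in-memory model of two directory entries, one user carrying an auxiliary Kerberos class and one standalone service principal, showing that a single objectClass filter returns both. The class and attribute names (krb5Principal, krb5PrincipalName) are assumptions modelled on a Heimdal-style schema, not taken from the message.

```python
# Added example (not from the thread): an LDAP search over entries that carry
# several objectClasses.  Class/attribute names are assumed (Heimdal-style
# hdb schema), not quoted from the message.
from __future__ import annotations

# Constructed sample directory in LDIF form: a user entry that is 'person' and
# 'account' plus the auxiliary krb5Principal class, and a standalone host
# principal that is only krb5Principal.
SAMPLE_LDIF = """\
dn: uid=jaltman,ou=People,dc=example,dc=org
objectClass: person
objectClass: account
objectClass: krb5Principal
uid: jaltman
cn: Jeffrey Altman
krb5PrincipalName: jaltman@EXAMPLE.ORG

dn: krb5PrincipalName=host/kdc.example.org@EXAMPLE.ORG,ou=Kerberos,dc=example,dc=org
objectClass: krb5Principal
krb5PrincipalName: host/kdc.example.org@EXAMPLE.ORG
"""


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Parse minimal LDIF (no continuation lines, no base64 values) into entries."""
    entries: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] = {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def has_class(entry: dict[str, list[str]], object_class: str) -> bool:
    """objectClass matching is case-insensitive in LDAP."""
    return object_class.lower() in (v.lower() for v in entry.get("objectclass", []))


def principals(entries: list[dict[str, list[str]]], also_person: bool = False) -> list[str]:
    """Model of (objectClass=krb5Principal), optionally ANDed with (objectClass=person)."""
    return [
        e["krb5principalname"][0]
        for e in entries
        if has_class(e, "krb5Principal") and (not also_person or has_class(e, "person"))
    ]
```

The plain principal filter lists both entries, so a user-object principal is not hidden from a "list all principals" search; adding a person clause narrows it to the human account only.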