LDAP schema questions

Luke Howard lukeh at padl.com
Fri Jun 16 07:00:05 EDT 2006


>Currently the krbPrincipalAux is associated with inetOrgPerson object
>only. But it can be associated with other object classes also. I will
>include krbPrincipalType to the krbPrincipalAux class.

It concerns me that the principal type is determined both from the
structural object class and the krbPrincipalType attribute. It seems
to me that it should be one or the other.

Generally I would advocate avoiding examining the structural object
class in order to provide the maximum deployment flexibility.

>I will remove the mention of the "user" object class and mention the
>appropriate OpenLDAP object class.

Well, OpenLDAP is vendor-specific too. If you want to use inetOrgPerson
you should reference RFC 2798.

regards,

-- Luke

More information about the krbdev mailing list