DAL API to read Realm Information

P Santoshkumar psantoshkumar at novell.com
Tue Mar 14 05:29:50 EST 2006 

Hello,

Yes Will Fiveash is correct with respect to the parameters, except that
a few parameters like krbLdapServer and the others which are specific to
the ldap database will not be exposed above DAL. Only the other generic
parameters like krbSupportedEncTypes and the like which will be used by
KDC will be populated as I mentioned earlier.

Thanks and Regards,
Santosh.
 
>>> Will Fiveash <William.Fiveash at sun.com> 03/14/06 5:59 am >>> 
On Mon, Mar 13, 2006 at 05:58:19AM - 0500, P Santoshkumar wrote:
> Hello Jeffrey,
> 
> We intend to have a DAL API to read the params from the database
that
> will do the following:-
> 
> * If the backend database is db2 then the API will be NULL and the
> structures outside DAL(kdc_realm_t and kadm5_config_params) will
consist
> of the values read from the configuration file.
> * If the backend database is an LDAP store then the API will read
the
> values from the database. It will copy only those values into the
> structures outside DAL(kdc_realm_t and kadm5_config_params) that are
not
> available or that are not read from the configuration file. In this
way
> even if extra fields are added to the structures then the DAL will
take
> only those that are available to the LDAP database and the others
will
> be read from the configuration file.

The Novell schema defines a krbRealmContainer object class defined as:

##### The krbRealmContainer is created per realm and holds realm
specific data.

dn: cn=schema
changetype: modify
add: objectclasses
objectClasses: ( 2.16.840.1.113719.1.301.6.2
                NAME 'krbRealmContainer'
                SUP top
                MUST ( cn )
                MAY ( krbMasterKey $ krbUPEnabled $ krbSubTree $
krbSearchScope $ krbLdapSer
vers $ krbSupportedEncTypes $ krbSupportedSaltTypes $ krbDefaultEncType
$ krbDefaultSaltType
 $ krbPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $
krbPrincNamingAttr )
                X- NDS_NAMING ( 'cn' )
                X- NDS_CONTAINMENT ( 'krbContainer' ))

These are the parameters that Santosh is refering to.

--  
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list