DAL API to read Realm Information

Jeffrey Altman jaltman at MIT.EDU
Tue Mar 14 17:05:20 EST 2006


What I am wondering is whether the DAL interface should be generic
enough that any parameter that could be stored in the profile
could be obtained instead by the DAL.   Should the interface not
be the DAL but should it instead be an LDAP profile type?

Jeffrey Altman


P Santoshkumar wrote:
> Hello,
> 
> Yes, Will Fiveash is correct with respect to the parameters, except that
> a few parameters like krbLdapServer and the others which are specific to
> the LDAP database will not be exposed above DAL. Only the other generic
> parameters like krbSupportedEncTypes and the like which will be used by
> the KDC will be populated as I mentioned earlier.
> 
> Thanks and Regards,
> Santosh.
>  
>>>> Will Fiveash <William.Fiveash at sun.com> 03/14/06 5:59 am >>> 
> On Mon, Mar 13, 2006 at 05:58:19AM -0500, P Santoshkumar wrote:
>> Hello Jeffrey,
>>
>> We intend to have a DAL API to read the params from the database that
>> will do the following:-
>>
>> * If the backend database is db2 then the API will be NULL and the
>> structures outside DAL(kdc_realm_t and kadm5_config_params) will consist
>> of the values read from the configuration file.
>> * If the backend database is an LDAP store then the API will read the
>> values from the database. It will copy only those values into the
>> structures outside DAL(kdc_realm_t and kadm5_config_params) that are not
>> available or that are not read from the configuration file. In this way
>> even if extra fields are added to the structures then the DAL will take
>> only those that are available to the LDAP database and the others will
>> be read from the configuration file.
> 
> The Novell schema defines a krbRealmContainer object class defined as:
> 
> ##### The krbRealmContainer is created per realm and holds realm specific data.
> 
> dn: cn=schema
> changetype: modify
> add: objectclasses
> objectClasses: ( 2.16.840.1.113719.1.301.6.2
>                 NAME 'krbRealmContainer'
>                 SUP top
>                 MUST ( cn )
>                 MAY ( krbMasterKey $ krbUPEnabled $ krbSubTree $
>                       krbSearchScope $ krbLdapServers $
>                       krbSupportedEncTypes $ krbSupportedSaltTypes $
>                       krbDefaultEncType $ krbDefaultSaltType $
>                       krbPolicyReference $ krbKdcServers $ krbPwdServers $
>                       krbAdmServers $ krbPrincNamingAttr )
>                 X-NDS_NAMING ( 'cn' )
>                 X-NDS_CONTAINMENT ( 'krbContainer' ))
> 
> These are the parameters that Santosh is referring to.
> 
> --  
> Will Fiveash
> Sun Microsystems Inc.
> Austin, TX, USA (TZ=CST6CDT)
> 
> 
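
The precedence rule described in the quoted proposal (db2 supplies no read function; with LDAP, the backend fills only the fields the configuration file left unset), as an added example that is not code from the MIT krb5 tree or from any of the posters. The struct, mask bits and function names are hypothetical stand-ins for kdc_realm_t / kadm5_config_params and the DAL entry point, and the parameter values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the structures outside the DAL; a mask bit
 * records which fields already hold a value (here: from the config file). */
#define P_ENCTYPES  0x1u   /* cf. krbSupportedEncTypes */
#define P_SALTTYPES 0x2u   /* cf. krbSupportedSaltTypes */
#define P_DEF_ENC   0x4u   /* cf. krbDefaultEncType */

typedef struct {
    unsigned mask;
    char enctypes[64], salttypes[64], default_enctype[32];
} realm_params;

/* Hypothetical DAL hook: NULL for db2, a reader for the LDAP backend. */
typedef int (*dal_read_realm_fn)(realm_params *out);

/* Constructed sample standing in for a read of the realm container. */
static int ldap_read_realm(realm_params *out)
{
    memset(out, 0, sizeof(*out));
    strcpy(out->enctypes, "des3-cbc-sha1 des-cbc-crc");
    strcpy(out->default_enctype, "des3-cbc-sha1");
    out->mask = P_ENCTYPES | P_DEF_ENC;
    return 0;
}

/* Fill from the backend only what the config file left unset; returns the
 * mask of fields taken from the backend so the caller can log provenance. */
static unsigned merge_realm_params(realm_params *cfg, dal_read_realm_fn rd)
{
    realm_params db;
    unsigned take;
    if (rd == NULL || rd(&db) != 0)   /* db2 (or read failure): file only */
        return 0;
    take = db.mask & ~cfg->mask;      /* set in LDAP, unset in the file */
    if (take & P_ENCTYPES)  strcpy(cfg->enctypes, db.enctypes);
    if (take & P_SALTTYPES) strcpy(cfg->salttypes, db.salttypes);
    if (take & P_DEF_ENC)   strcpy(cfg->default_enctype, db.default_enctype);
    cfg->mask |= take;
    return take;
}

int main(void)
{
    realm_params cfg = { P_ENCTYPES, "aes256-cts-hmac-sha1-96", "", "" };
    unsigned took = merge_realm_params(&cfg, ldap_read_realm);
    printf("from LDAP: 0x%x, enctypes=%s\n", took, cfg.enctypes);
    return 0;
}
```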


