Preliminary discussion: DB alias entries

Simo Sorce ssorce at redhat.com
Mon Mar 9 14:53:15 EDT 2009


On Mon, 2009-03-09 at 14:29 -0400, Greg Hudson wrote:
> On Thu, 2009-03-05 at 13:56 -0500, Zhanna Tsitkova wrote:
> > How about adding a new auxiliary attr to the entries
> 
> What do you mean by "auxiliary attribute" here?  My understanding is
> that object classes can be auxiliary, but not attributes.
> 
> (Sorry; I'm new to LDAP so I need people to speak precisely or I can't
> understand.)
> 
> >  - for example
> > 1.3.18.0.2.4.1154 NAME ( 'krbHintAliases' ) or just krbAliases as
> > defined in
> > http://publib.boulder.ibm.com/infocenter/zvm/v5r3/index.jsp?topic=/com.ibm.zvm.v53.kldl0/tivap02998897.htm
> 
> What is that page exactly?  Is it appropriate to pull attribute and
> object class definitions from a completely different schema from the
> Novell one we have?

If it's not incompatible for some reason, reuse is usually encouraged in
the LDAP communities. 

> > In fact, on KDC startup these aliases could be stored in memory.
> > Then, when the request comes in, the normalized string would be
> > searched in the mem cache and then decided if the further processing
> > is needed.
> 
> Wouldn't that introduce consistency issues if the LDAP data is modified
> outside of the KDC?

It would, unless the KDC has ways to refresh its cache fetching from
LDAP.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



