Re: LDAP layouts for Heimdal
Quoting Norbert Klasen <norbert+lists.heimdal-discuss@burgundy.dyndns.org>:
>
>
> --On Sunday, 9 November 2003 05:21 +0800 Chris Hamilton
> <chris@ambigc.com> wrote:
>
> > Well there is my problem then. I am using the schema at
> > http://www.padl.com/~lukeh/XAD/hdb.schema
> > on 2.1.22 ldap with BDB backend. I can add things to a person object.
> > However after I add krb5Principal to the entry, inetOrgPerson can not be
> > added. I just tested sambaSamAccount and it adds afterwards, so does
> > krb5KDCEntry. So what is specifically conflicting in this case between
> > krb5Principal and inetOrgPerson(organizationalPerson more specifically)?
> > I don't see how, but I am new to this.
>
> Are you trying to add inetOrgPerson to the objectClass attribute of an
> existing entry? This is not allowed in LDAP as it would change the
> structural objectclass of the entry. You can add krb5KDCEntry and
> krb5Principal because they are AUXILIARY object classes. However,
> inetOrgPerson is STRUCTURAL.
Thank you for replying. I thought I had successfully tested person adding
inetOrgPerson, but I see it doesn't work now as well. So it seems the only real
solution is to make hdb-ldap.c add inetOrgPerson. I will be adding this to the
distributed version for ROCK Linux which I have packaged. This assumes my
original thought that Kerberos data and the actual user entry [sh,c]ould be
stored together. If anyone wants to tell me I am wrong, please do so.
>
> Norbert
>
>
----------------------------------------------------------------
Mail by Ambiguous Computer Computer Ltd. an open source company.
http://www.ambigc.com
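
Added example, not part of the original thread and not code from OpenLDAP or Heimdal: a simplified Python model of the rule Norbert describes, where adding an object class is accepted only if the entry's most-derived STRUCTURAL class stays the same. The schema table is a constructed excerpt that assumes the usual class kinds and superiors (person, organizationalPerson and inetOrgPerson STRUCTURAL; krb5Principal, krb5KDCEntry and sambaSamAccount AUXILIARY), and the function names are hypothetical.

```python
# Constructed schema excerpt (assumption): class -> (kind, superior class).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "krb5Principal": ("AUXILIARY", "top"),
    "krb5KDCEntry": ("AUXILIARY", "krb5Principal"),
    "sambaSamAccount": ("AUXILIARY", "top"),
}


def chain(cls):
    """Return cls followed by all of its superiors, nearest first."""
    out = []
    while cls is not None:
        out.append(cls)
        cls = SCHEMA[cls][1]
    return out


def structural_class(object_classes):
    """Most-derived STRUCTURAL class of an entry, or None if it has none."""
    structural = [c for c in object_classes if SCHEMA[c][0] == "STRUCTURAL"]
    # A class is most-derived if it is not a superior of another listed class.
    leaves = [c for c in structural
              if not any(c in chain(other)[1:] for other in structural)]
    if len(leaves) > 1:
        raise ValueError("unrelated structural classes: %s" % leaves)
    return leaves[0] if leaves else None


def can_add_object_class(entry_classes, new_class):
    """True if adding new_class leaves the structural class unchanged."""
    before = structural_class(entry_classes)
    after = structural_class(list(entry_classes) + [new_class])
    return before == after


if __name__ == "__main__":
    entry = ["top", "person"]  # constructed entry, created as a plain person
    for cls in ("krb5Principal", "krb5KDCEntry", "sambaSamAccount",
                "inetOrgPerson"):
        verdict = "accepted" if can_add_object_class(entry, cls) else "rejected"
        print("add %-16s -> %s" % (cls, verdict))
```

In this model an entry created with inetOrgPerson from the start can take the Kerberos auxiliary classes afterwards, while an entry created as person cannot be promoted to inetOrgPerson by a modify.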