> > Are you trying to add inetOrgPerson to the objectClass attribute of an > > existing entry? This is not allowed in LDAP at it would change the > > structural objectclass of the entry. You can add krb5KDCEntry and > > krb5Principal because they are AUXILIARY object classes. However, > > inetOrgPerson ist STRUCTURAL. I've a similar question: My ldap tree is laid out with three roots, and probably more will come: dc=nbtsc,dc=org dc=theinternetco,dc=net dc=independence,dc=net Each has a corresponding realm: NBTSC.ORG THEINTERNETCO.NET INDEPENDENCE.NET my users are in an ou=Users subtree, and their uids are just the short version: uid=test,ou=Users,dc=nbtsc,dc=org Is there any way to make heimdal store the kerberos properties in the correct bases, based on realm? Aredridel
This is a digitally signed message part