[37155] in Kerberos


Re: Purpose of the kerberos.ldif file

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 13 13:21:19 2015

Message-ID: <55A3F37C.1060001@mit.edu>
Date: Mon, 13 Jul 2015 13:21:00 -0400
From: Greg Hudson <ghudson@mit.edu>
To: Yann Soubeyrand <yann.soubeyrand@gmx.fr>, kerberos@mit.edu
In-Reply-To: <1436696264.26241.7.camel@gmx.fr>

On 07/12/2015 06:17 AM, Yann Soubeyrand wrote:
> Indeed, this file cannot be added to OpenLDAP as is and must be
> converted to the online configuration format. My question is: what is
> the purpose of this file? Was it written for OpenLDAP or for another
> LDAP server? Should I convert this file and ask for the converted file
> to be integrated in the MIT Kerberos sources?

I believe it was written for another LDAP server, but I don't know which
one.  It was included in the contribution from Novell.

We could probably benefit from an LDIF file using the OpenLDAP online
configuration format, coupled with better documentation on setting up
the LDAP KDB module using modern versions of OpenLDAP.  Unfortunately, I
believe such a file would only be useful for initial setup, not for
upgrades.  OpenLDAP's position is that published schemas should never be
modified, even just to add new optional attributes:

  http://www.openldap.org/lists/openldap-technical/201207/msg00209.html

but our historical practice has been to extend the schema with new
optional attributes.  I'm not sure what the upgrade story would be like
if we created a new schema each time we needed to add a new attribute.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
