[36770] in Kerberos
Re: LDAP searches for Kerberos entries
daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Feb 11 09:26:03 2015
Message-ID: <1423664739.5770.0.camel@willson.usersys.redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Michael =?ISO-8859-1?Q?Str=F6der?= <michael@stroeder.com>
Date: Wed, 11 Feb 2015 09:25:39 -0500
In-Reply-To: <54D2017E.7010800@stroeder.com>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Wed, 2015-02-04 at 12:24 +0100, Michael Ströder wrote:
> HI!
>
> Maybe some of you are using MIT Kerberos with LDAP backend.
>
> For creating a decent web2ldap search form template for the Kerberos schema
> I'd like to know which kind of searches you usually do when looking into your
> backend via LDAP.
>
> Which attributes are you usually using in the search?
> Which filters do you hack on command-line?
>
> Well, 'krbPrincipalName' will of course be the most used search attribute. The
> default equality matching rule is caseExactIA5Match, so for convenience I'd
> add something to use caseIgnoreIA5Match without the user having to select that
> himself.
You should also search on KrbCanonicalName if you need exact matching,
krbPrincipalName is multivalued and may contain aliases.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
