[36774] in Kerberos
Re: Populating krbPrincipalName multivalued (Was: Re: LDAP searches
daemon@ATHENA.MIT.EDU (Chris Hecker)
Thu Feb 12 07:08:15 2015
MIME-Version: 1.0
In-Reply-To: <54DC6428.2@harmless.hu>
Date: Thu, 12 Feb 2015 04:08:02 -0800
Message-ID: <CAOdMLc0gNk=ay82d0ysqMwR_z_JSYdzyf3MN+w91-enVihMnfA@mail.gmail.com>
From: Chris Hecker <checker@d6.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Yes, this piqued my interest as well...
Chris
On Feb 12, 2015 12:30 AM, "Gergely Czuczy" <gergely.czuczy@harmless.hu>
wrote:
>
> On 2015-02-11 15:25, Simo Sorce wrote:
> > On Wed, 2015-02-04 at 12:24 +0100, Michael Ströder wrote:
> >> HI!
> >>
> >> Maybe some of you are using MIT Kerberos with LDAP backend.
> >>
> >> For creating a decent web2ldap search form template for the Kerberos
> schema
> >> I'd like to know which kind of searches you usually do when looking
> into your
> >> backend via LDAP.
> >>
> >> Which attributes are you usually using in the search?
> >> Which filters do you hack on command-line?
> >>
> >> Well, 'krbPrincipalName' will of course be the most used search
> attribute. The
> >> default equality matching rule is caseExactIA5Match, so for convenience
> I'd
> >> add something to use caseIgnoreIA5Match without the user having to
> select that
> >> himself.
> > You should also search on KrbCanonicalName if you need exact matching,
> > krbPrincipalName is multivalued and may contain aliases.
> A bit off the topic, but please allow me a question here. I've noticed
> that addprinc -x dn= only allows a single principal per entry, and -x
> linkdn= does not put the krbPrincipalName into the specified entry. With
> utilizing the LDAP backend, what would be the way to make use of the
> krbPrincipalName's multivalued nature, and have it populated at the ldap
> entry's values?
> >
> > Simo.
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
