directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-303) Discuss and possibly define Ldap schema for Kerby KDC
Date Thu, 18 Jun 2015 10:02:01 GMT


Kai Zheng commented on DIRKRB-303:

I thought it's good to discuss the schema stuff separately, particularly for the long term
consideration, and I agree we should try to use the existing schema in ApacheDS. By the way,
in future would we wish to maintain the schema in DirectoryServer side or Kerby side? I thought
it's ideal for Kerby to own the schema as MIT Kerberos does, so any possible LDAP server backend
can find, reference and use the schema from Kerby's doc and distribution. The schema should
be clearly documented and exposed as part of the LDAP backend support.

> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>                 Key: DIRKRB-303
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good to discuss
and possibly define an LDAP schema for Kerby KDC based on the one present in ApacheDS ({{krb5kdc}}).
This particularly works for the long term, as for now only a few identity attributes are supported
in Kerby, some time later we'll need to add enhance and support much more ones that's likely
not existing in the ApacheDS's schema krb5kdc.

This message was sent by Atlassian JIRA

View raw message