Attached is an LDIF file to fix existing Lenny installations that have
been upgraded to Squeeze but are still using the old kerberos.schema.
This may be used with ldapmodify to update cn=config over LDAP without
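reverting to slapd.conf or having to restart slapd. Unfortunately, it
isn't very portable because it depends on the ordering of schemas and
objectclasses: the {4} schema index and the {5} and {9} objectclass
indexes used below must match the target installation. I don't know how
to make it any more generic.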
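# LDIF change file: brings an old kerberos schema held in cn=config up to date
# by adding five attribute types and extending two object classes.
#
# Layout: records are separated by a blank line, and every continuation line
# starts with TWO spaces. LDIF folding consumes the first space; the second
# is the real separator between schema tokens.
#
# Before applying:
#  - Take a backup of the config database (for example: slapcat -n 0 -l
#    config-backup.ldif) so a failed or partial run can be rolled back.
#  - Confirm the indexes. {4} must be the kerberos schema entry under
#    cn=schema,cn=config, and {5} / {9} must be krbPrincipalAux /
#    krbPwdPolicy within it. If they differ on your system, edit the DNs and
#    indexes below; otherwise a different schema element may be modified.
#  - cn=config is the server's own configuration. Apply this with an
#    identity that is allowed to write to it, over a protected channel
#    (for example ldapi:/// with SASL EXTERNAL, or LDAP over TLS).
#  - Without ldapmodify's -c option, processing stops at the first record
#    that fails, leaving the earlier records applied. Check which records
#    went in before re-running.

# New attribute: krbCanonicalName (single-valued IA5 string).
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
add: olcattributetypes
olcattributetypes: ( 1.2.840.113554.1.4.1.6.1
  NAME 'krbCanonicalName'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )

# New attribute: krbPwdMaxFailure (single-valued integer). Together with the
# next two attributes it is added to krbPwdPolicy below; judging by the names
# these carry the account-lockout settings of a password policy.
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
add: olcattributetypes
olcattributetypes: ( 1.3.6.1.4.1.5322.21.2.1
  NAME 'krbPwdMaxFailure'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

# New attribute: krbPwdFailureCountInterval (single-valued integer).
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
add: olcattributetypes
olcattributetypes: ( 1.3.6.1.4.1.5322.21.2.2
  NAME 'krbPwdFailureCountInterval'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

# New attribute: krbPwdLockoutDuration (single-valued integer).
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
add: olcattributetypes
olcattributetypes: ( 1.3.6.1.4.1.5322.21.2.3
  NAME 'krbPwdLockoutDuration'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

# New attribute: krbAllowedToDelegateTo (IA5 string, multi-valued: there is
# no SINGLE-VALUE). By its name it controls delegation targets, so once the
# schema allows it, write access to this attribute on principal entries
# should be restricted by ACL to KDC administrators -- review your olcAccess
# rules.
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
add: olcattributetypes
olcattributetypes: ( 1.3.6.1.4.1.5322.21.2.4
  NAME 'krbAllowedToDelegateTo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Replace object class {5} krbPrincipalAux. The old definition is deleted and
# re-added in the same modify operation with krbCanonicalName and
# krbAllowedToDelegateTo appended to MAY. This depends on the two attribute
# types above having been added first.
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
delete: olcobjectclasses
olcobjectClasses: {5}( 2.16.840.1.113719.1.301.6.8.1
  NAME 'krbPrincipalAux'
  SUP top
  AUXILIARY
  MAY ( krbPrincipalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) )
-
add: olcobjectclasses
olcobjectClasses: {5}( 2.16.840.1.113719.1.301.6.8.1
  NAME 'krbPrincipalAux'
  SUP top
  AUXILIARY
  MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo ) )

# Replace object class {9} krbPwdPolicy, appending krbPwdMaxFailure,
# krbPwdFailureCountInterval and krbPwdLockoutDuration to MAY. This depends
# on those three attribute types having been added above.
dn: cn={4}kerberos,cn=schema,cn=config
changetype: modify
delete: olcobjectclasses
olcobjectClasses: {9}( 2.16.840.1.113719.1.301.6.14.1
  NAME 'krbPwdPolicy'
  SUP top
  STRUCTURAL
  MUST cn
  MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength ) )
-
add: olcobjectclasses
olcobjectClasses: {9}( 2.16.840.1.113719.1.301.6.14.1
  NAME 'krbPwdPolicy'
  SUP top
  STRUCTURAL
  MUST cn
  MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration ) )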