[ 
https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591639#comment-14591639
 ] 

Kiran Ayyagari edited comment on DIRKRB-303 at 6/18/15 10:59 AM:
-----------------------------------------------------------------

bq. Please note, AFAIK, we're having two pluggable modules for the LDAP backend
No no, just one, that takes LdapConnection, that is all; anything else makes 
Kerby heavy and bloated with LDAP code.
In any LDAP server you need to inject the schema if it doesn't exist; automatic 
schema injection is not ideal (it may or may not work in all servers, there is 
no standard procedure for schema loading like in an RDBMS).

bq. 1) Is it possible to use the same schema? I guess so, in most cases we can 
update the schema in much sync-ed sense with ApacheDS's concern;

Make sure the krb5kdc has all necessary elements; if not, please add them there. 
This schema changes very very very rarely, if that ever happens.

bq. 2) Based on the same schema, could we have different real implementations 
in Java codes for the backend? As discussed above, for some operational 
attributes, it may be populated automatically in ApacheDS, but in other LDAP 
server, it may be not.

I didn't understand this question. The above-mentioned operational attribute is 
available in all LDAP servers.


was (Author: akiran):
bq. Please note, AFAIK, we're having two pluggable modules for the LDAP backend
No no, just one, that takes LdapConnection, that is all; anything else makes 
Kerby heavy and bloated with LDAP code.
In any LDAP server you need to inject the schema if it doesn't exist; automatic 
schema injection is not ideal (it may or may not work in all servers, there is 
no standard procedure for schema loading like in an RDBMS).

bq. 1) Is it possible to use the same schema? I guess so, in most cases we can 
update the schema in much sync-ed sense with ApacheDS's concern;
Make sure the krb5kdc has all necessary elements; if not, please add them there. 
This schema changes very very very rarely, if that ever happens.

2) Based on the same schema, could we have different real implementations in 
Java codes for the backend? As discussed above, for some operational 
attributes, it may be populated automatically in ApacheDS, but in other LDAP 
server, it may be not.
I didn't understand this question. The above-mentioned operational attribute is 
available in all LDAP servers.

> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
>                 Key: DIRKRB-303
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-303
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good 
> to discuss and possibly define an LDAP schema for Kerby KDC based on the one 
> present in ApacheDS ({{krb5kdc}}). This particularly works for the long term, 
> as for now only a few identity attributes are supported in Kerby, some time 
> later we'll need to enhance and support much more ones that's likely not 
> existing in the ApacheDS's schema krb5kdc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
