[
https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592843#comment-14592843
]
Xu Yaning edited comment on DIRKRB-303 at 6/19/15 2:12 AM:
-----------------------------------------------------------
Hi Kiran, I think I write something wrong. For a key, there are 3 attributes to
store, keyVersion, keyType and keyData. Since keyVersion and kvno are the same
attribute, the attributes in krb5kdc schema and the operational attribute
{{createTimestamp}} can satisfy Kerby's requirement. So I think we can use
krb5kdc schema to implement {{LdapIdentityBackend}}.
was (Author: yaningxu):
Hi Kiran, I think I write something wrong. For a key, there are 3 attributes to
store, keyVersion, keyType and keyData. Since keyVersion and kvno are the same
attribute. The attributes in krb5kdc schema and the operational attribute
{{crreateTimestamp}} can satisfy Kerby's requirement. So I think we can use
krb5kdc schema to implement {{LdapBackendIdentity}}.
> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
> Key: DIRKRB-303
> URL: https://issues.apache.org/jira/browse/DIRKRB-303
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good
> to discuss and possibly define an LDAP schema for Kerby KDC based on the one
> present in ApacheDS ({{krb5kdc}}). This particularly works for the long term,
> as for now only a few identity attributes are supported in Kerby, some time
> later we'll need to enhance and support much more ones that's likely not
> existing in the ApacheDS's schema krb5kdc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
