Simo Sorce wrote: > On Wed, 2015-02-04 at 12:24 +0100, Michael Ströder wrote: >> HI! >> >> Maybe some of you are using MIT Kerberos with LDAP backend. >> >> For creating a decent web2ldap search form template for the Kerberos schema >> I'd like to know which kind of searches you usually do when looking into your >> backend via LDAP. >> >> Which attributes are you usually using in the search? >> Which filters do you hack on command-line? >> >> Well, 'krbPrincipalName' will of course be the most used search attribute. >> The >> default equality matching rule is caseExactIA5Match, so for convenience I'd >> add something to use caseIgnoreIA5Match without the user having to select >> that >> himself. > > You should also search on KrbCanonicalName if you need exact matching, > krbPrincipalName is multivalued and may contain aliases.
Thanks, added it. What about 'krbPrincipalAliases'? Is that actually used? Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
