Yes, this piqued my interest as well...

Chris

On Feb 12, 2015 12:30 AM, "Gergely Czuczy" <gergely.czu...@harmless.hu> wrote:
>
> On 2015-02-11 15:25, Simo Sorce wrote:
> > On Wed, 2015-02-04 at 12:24 +0100, Michael Ströder wrote:
> >> HI!
> >>
> >> Maybe some of you are using MIT Kerberos with LDAP backend.
> >>
> >> For creating a decent web2ldap search form template for the Kerberos schema
> >> I'd like to know which kind of searches you usually do when looking into your
> >> backend via LDAP.
> >>
> >> Which attributes are you usually using in the search?
> >> Which filters do you hack on command-line?
> >>
> >> Well, 'krbPrincipalName' will of course be the most used search attribute. The
> >> default equality matching rule is caseExactIA5Match, so for convenience I'd
> >> add something to use caseIgnoreIA5Match without the user having to select that
> >> himself.
> > You should also search on KrbCanonicalName if you need exact matching,
> > krbPrincipalName is multivalued and may contain aliases.
> A bit off the topic, but please allow me a question here. I've noticed
> that addprinc -x dn= only allows a single principal per entry, and -x
> linkdn= does not put the krbPrincipalName into the specified entry. With
> utilizing the LDAP backend, what would be the way to make use of the
> krbPrincipalName's multivalued nature, and have it populated at the ldap
> entry's values?
> >
> > Simo.
> >
> ________________________________________________
> Kerberos mailing list
> Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
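
The two searches discussed in the thread, as an added example that is not part of any of the messages above and is not web2ldap or MIT Kerberos code: an exact-match filter on krbCanonicalName and a case-insensitive filter on the multivalued krbPrincipalName using an RFC 4515 extensible match. The function names, the sample principals and the sample entry are constructed, and it is an assumption that the directory server accepts caseIgnoreIA5Match in an extensible-match filter for this attribute.

```python
# Added example. Helper names and sample data are constructed for illustration.

def escape_filter_value(value: str) -> str:
    """Escape a search-form value for an LDAP filter (RFC 4515).

    Principal names may legitimately contain a backslash (used to quote
    '/' or '@' inside a component), and form input may contain '*', '('
    or ')'. Unescaped, these would change the meaning of the filter.
    """
    if not value.isascii():
        # Both attributes use IA5 matching rules, so only ASCII can match.
        raise ValueError("principal names in IA5 attributes must be ASCII")
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def canonical_filter(principal: str) -> str:
    """Exact match on the canonical name of the principal."""
    return "(krbCanonicalName=%s)" % escape_filter_value(principal)

def any_name_filter(principal: str) -> str:
    """Case-insensitive match on any krbPrincipalName value, aliases included.

    Assumption: the server allows caseIgnoreIA5Match as the rule in an
    extensible match on this attribute.
    """
    return "(krbPrincipalName:caseIgnoreIA5Match:=%s)" % escape_filter_value(principal)

def classify_hit(entry: dict, principal: str):
    """Say whether the searched name is the entry's canonical name or an alias."""
    if principal in entry.get("krbCanonicalName", []):
        return "canonical"
    wanted = principal.lower()
    if any(name.lower() == wanted for name in entry.get("krbPrincipalName", [])):
        return "alias"
    return None

# Constructed sample entry: one canonical name plus one alias.
SAMPLE_ENTRY = {
    "krbCanonicalName": ["host/www.example.com@EXAMPLE.COM"],
    "krbPrincipalName": [
        "host/www.example.com@EXAMPLE.COM",
        "host/web@EXAMPLE.COM",
    ],
}

if __name__ == "__main__":
    for name in ("host/www.example.com@EXAMPLE.COM", "HOST/WEB@example.com"):
        print(canonical_filter(name), any_name_filter(name),
              classify_hit(SAMPLE_ENTRY, name))
```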