On Wed, 2015-02-11 at 16:24 +0100, Michael Ströder wrote: > Simo Sorce wrote: > > On Wed, 2015-02-04 at 12:24 +0100, Michael Ströder wrote: > >> HI! > >> > >> Maybe some of you are using MIT Kerberos with LDAP backend. > >> > >> For creating a decent web2ldap search form template for the Kerberos schema > >> I'd like to know which kind of searches you usually do when looking into > >> your > >> backend via LDAP. > >> > >> Which attributes are you usually using in the search? > >> Which filters do you hack on command-line? > >> > >> Well, 'krbPrincipalName' will of course be the most used search attribute. > >> The > >> default equality matching rule is caseExactIA5Match, so for convenience I'd > >> add something to use caseIgnoreIA5Match without the user having to select > >> that > >> himself. > > > > You should also search on KrbCanonicalName if you need exact matching, > > krbPrincipalName is multivalued and may contain aliases. > > Thanks, added it. > > What about 'krbPrincipalAliases'? Is that actually used?
Not as common, but if you are interested in aliases you should probably look it up as well. I forgot if the MIT's LDAP driver actually uses it. Simo. -- Simo Sorce * Red Hat, Inc * New York ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
