On 07/12/2015 06:17 AM, Yann Soubeyrand wrote:
> Indeed, this file cannot be added to OpenLDAP as is and must be
> converted to the online configuration format. My question is: what is
> the purpose of this file? Was it written for OpenLDAP or for another
> LDAP server? Should I convert this file and ask for the converted file
> to be integrated in the MIT Kerberos sources?

I believe it was written for another LDAP server, but I don't know which one. It was included in the contribution from Novell.

We could probably benefit from an LDIF file using the OpenLDAP online configuration format, coupled with better documentation on setting up the LDAP KDB module using modern versions of OpenLDAP.

Unfortunately, I believe such a file would only be useful for initial setup, not for upgrades. OpenLDAP's position is that published schemas should never be modified, even just to add new optional attributes:

http://www.openldap.org/lists/openldap-technical/201207/msg00209.html

but our historical practice has been to extend the schema with new optional attributes. I'm not sure what the upgrade story would be like if we created a new schema each time we needed to add a new attribute.