
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
Chapter 678
• Type of object classes
• Attributes of the object classes
• Optional attributes
• Syntax of each attribute
For example, a schema can define a person object class. The person
schema might require that a person have a surname attribute that is a
character string. It also specifies that a person entry can optionally have
a telephoneNumber attribute that is a string of numbers with spaces
and hyphens.
The krb5_schema.conf file is generated automatically from the
input you provide while autoconfiguring the Kerberos server.
Alternatively, a sample file is available in the /opt/krb5/examples
directory. You can copy this file to the /opt/krb5 directory, and manually
edit it. HP recommends that you use the autoconfiguration tool to
generate this file.
This file must reside in the /opt/krb5 directory and must have the
following permissions:
-rw-r--r-- root 3
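Because the schema file is loaded into the directory server as LDIF, a copy-and-paste slip (typographic quotes, a lost continuation space, a misspelled attribute name) is cheap to catch before it is applied, and the location and permission requirements above are easy to verify at the same time. The following Python script is an added example, not part of the HP Kerberos server documentation or its tooling; it assumes the file follows LDIF folding rules (continuation lines start with one space) and that attribute type definitions use the '( oid NAME ... SYNTAX ... )' form the document shows. The two schema fragments in it are constructed for this example.

```python
"""Pre-load sanity checks for krb5_schema.conf (added example, not HP's tooling).

Assumptions not taken from the document: LDIF folding (continuation lines
start with one space) and the '( oid NAME ... SYNTAX ... )' definition form.
The sample schema strings below are constructed for this example.
"""
import os
import re
import stat
import tempfile

EXPECTED_DIR = "/opt/krb5"
EXPECTED_MODE = 0o644          # -rw-r--r--, as the document requires
LDIF_ATTRS = {"dn", "changetype", "add", "attributetypes"}

# Constructed sample in the document's form: two well-formed definitions.
SAMPLE_SCHEMA = """\
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( hpKrbPrincipalName-oid
  NAME 'hpKrbPrincipalName'
  DESC 'Kerberos principal identity for a user in the form
  <principal>@<realm>'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
attributetypes: ( hpKrbMaxTicketAge-oid
  NAME 'hpKrbMaxTicketAge'
  DESC 'Value defining the maximum lifetime of a user ticket'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )
"""

# Constructed sample with typical copy/paste damage: misspelled attribute
# name, typographic quotes from a PDF or word processor, missing SYNTAX.
BROKEN_SCHEMA = """\
dn: cn=schema
changetype: modify
add: attributetypes
attributetype: ( hpKrbMaxRenewAge-oid
  NAME \u2019hpKrbMaxRenewAge\u2019
  SINGLE-VALUE )
"""


def symbolic_to_mode(sym):
    """Turn an ls-style string such as '-rw-r--r--' into a numeric mode."""
    mode = 0
    for ch in sym[1:10]:                 # skip the file-type character
        mode = (mode << 1) | (0 if ch == "-" else 1)
    return mode


def check_file(path, expected_dir=EXPECTED_DIR, expected_mode=EXPECTED_MODE,
               expected_uid=0):
    """Report location, mode and ownership problems for the schema file."""
    findings = []
    if os.path.dirname(os.path.abspath(path)) != expected_dir:
        findings.append("file is not in %s" % expected_dir)
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode != expected_mode:
        findings.append("mode is %04o, expected %04o" % (mode, expected_mode))
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    if st.st_uid != expected_uid:
        findings.append("owner uid is %d, expected %d" % (st.st_uid, expected_uid))
    return findings


def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) onto the preceding line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def check_schema(text):
    """Validate every attribute type definition in an LDIF schema fragment."""
    findings, seen = [], set()
    for line in unfold_ldif(text):
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        attr, body = (part.strip() for part in line.split(":", 1))
        attr = attr.lower()
        if attr == "attributetype":
            findings.append("'attributetype:' should be 'attributetypes:' (typo)")
        elif attr != "attributetypes":
            if attr not in LDIF_ATTRS:
                findings.append("unexpected LDIF attribute '%s'" % attr)
            continue                     # dn/changetype/add need no further checks
        if any(ch in body for ch in "\u2018\u2019\u201c\u201d"):
            findings.append("typographic quotes in '%s'; use ASCII quotes" % body[:28])
        if not (body.startswith("(") and body.endswith(")")):
            findings.append("definition not enclosed in parentheses: %s" % body[:28])
        if body.count("'") % 2:
            findings.append("unbalanced single quotes: %s" % body[:28])
        name = re.search(r"\bNAME\s+'([^']+)'", body)
        if not name:
            findings.append("missing NAME in: %s" % body[:28])
        elif name.group(1) in seen:
            findings.append("duplicate attribute NAME %s" % name.group(1))
        else:
            seen.add(name.group(1))
        if not re.search(r"\bSYNTAX\s+\d+(?:\.\d+)+", body):
            findings.append("missing SYNTAX OID in: %s" % body[:28])
    return findings


def write_and_check(text, mode):
    """Write TEXT to a scratch copy with MODE and run both checks on it.
    Runs without touching /opt/krb5; ownership is compared against the
    current user because the scratch file is not owned by root."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "krb5_schema.conf")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return (check_file(path, expected_dir=directory, expected_uid=os.getuid())
            + check_schema(text))


if __name__ == "__main__":
    for label, text, mode in (("good", SAMPLE_SCHEMA, 0o644),
                              ("bad", BROKEN_SCHEMA, 0o666)):
        print(label, write_and_check(text, mode) or ["ok"])
```

Against the real file, run `check_file("/opt/krb5/krb5_schema.conf")` with the defaults (directory /opt/krb5, mode 0644, owner root) and `check_schema(open(path).read())`; an empty list from both means the file matches the requirements stated above and each definition at least has a NAME and a SYNTAX OID the directory server can accept.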
The krb5_schema.conf File Format
Following is the format of the krb5_schema.conf file:
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( hpKrbPrincipalName-oid
  NAME 'hpKrbPrincipalName'
  DESC 'Kerberos principal identity for a user in the form
  <principal>@<realm>'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
attributetypes: ( hpKrbMaxTicketAge-oid
  NAME 'hpKrbMaxTicketAge'
  DESC 'Value defining the maximum lifetime of a user ticket'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )
attributetypes: ( hpKrbMaxRenewAge-oid
  NAME 'hpKrbMaxRenewAge'
  DESC 'Value defining the maximum renewable lifetime of a