[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: JDNI allows non-schema changes (ITS#2151)

--On Friday, October 25, 2002 11:39 AM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

>> Kurt,
>> Hm, okie.  So, then from what you are saying, if I have this right:
>> We want suRegid to have to contain these 3 objectclasses:
>> suRegid=A
>> (cutting out the ones prior to suPerson based on what you note above
>> about  inheritance)
>> objectClass:suPerson
>> objectClass:suKerberosService
>> objectClass:krb5Principal
>> Since the add we are doing is only putting in entries from the suPerson
>> object class, suPerson is the only one being put in place when we do the
>> add.  What we want, is when an suRegID is created by our person creation
>> object, is that all those above objectclasses MUST be a part of the
>> suRegID  entry, or it will fail.  And I see your point about the MUST on
>> suPerson  being incorrect.  Is there anyway to enforce that an add must
>> include those  3 objectclasses for the suRegID?
> I don't believe there is any mechanism to require explicit listing
> of objectClass values which are implicitly present.


Well, suKerberosService and krb5Principal are not part of suPerson, so I 
think that would then mean they aren't implicitly present?


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html