Prentice Bisbal wrote: > On 05/13/2017 07:00 AM, Michael Ströder wrote: >> Prentice Bisbal wrote: >>> objectClass: account >>> objectClass: krbPrincipal >>> structuralObjectClass: account >>> >>> I have googled my error and found many discussions for 'invalid structural object >>> chain' on this list, but none of them seem to apply to this case. >> That's what AUXILIARY object class 'krbPrincipalAux' is for. >> >> If it's not present in your current schema you should grab a more recent >> version of the MIT Kerberos LDAP schema. > > Thanks. That's exactly the answer I was looking for. I do have krbPrincipalAux in my > kerberos schema, but raises another questions about which schema(s) to use, which I'll > raise here as a separate post, since that's a new topic of discussion, and goes beyond > just this one specific schema issue. You should use the current schema file shipped with your particular Kerberos installation. You can combine 'krbPrincipalAux' with 'account' or 'inetOrgPerson' or whatever you're using as object class for user accounts. I'm pretty sure you will easily find documentations / presentations about schema design in general. It's a pretty broad topic though. YMMV. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature