On 16 May 2017, at 20:23, Prentice Bisbal pbisbal@pppl.gov wrote:
> I think many system admins would say just copy the schemas from the old server to the new server and forget about it, but I don't think this is a good approach.
That’s what I do. I agree, on a theoretical level, that that might not be the best way to do it, but it sure is the simplest :). I have way too much to do anyway, so if I can take the easy way for once, I’ll take it.
As far as other applications using LDAP and any attribute in there, they are (should be!) configurable. For example, LibNSS-LDAP and LibPAM-LDAP all let you configure what attributes to use for what.
I’m sure there’s a reason for changing 'krbPrincipal' to ‘krbPrincipalAux’, but personally I don’t care. The former works for me.
> - Who/what is the authoritative source for current schema definitions? Are they all defined in RFCs?
Probably not all. MINE isn’t. But I do have a registered IANA, so from the schema's attribute or objectclass OID, it should be “reasonably” easy to match the two and find out who wrote it and from there you might be able to get a later version.
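As an added illustration of the OID matching described in the message above (not code from the poster or from any project mentioned), this Python sketch pulls the numeric OID out of each OpenLDAP-style schema definition and, when it sits under the IANA Private Enterprise Number arc 1.3.6.1.4.1, reports the enterprise number to look up in the IANA registry. The sample schema text and the number 99999 are constructed placeholders.

```python
import re

# Arc under which IANA assigns Private Enterprise Numbers (PENs).
PEN_ARC = (1, 3, 6, 1, 4, 1)

# Start of a schema definition: keyword, "(", numeric OID, NAME 'first-name'.
# Definitions that use OID macros instead of numeric OIDs are not matched.
DEF_RE = re.compile(
    r"^\s*(attributetype|objectclass)\s*\(\s*(\d+(?:\.\d+)+)"
    r"\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample input, not taken from any real schema file.
SAMPLE = """
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleMailQuota'
    DESC 'constructed sample'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleMailUser'
    SUP top AUXILIARY MAY ( exampleMailQuota ) )

attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
    SUP name )
"""

def schema_origins(schema_text):
    """Return (kind, name, oid, pen) for every definition found.

    pen is the enterprise number when the OID lies under 1.3.6.1.4.1,
    otherwise None (the OID belongs to another arc and has to be traced
    some other way, for example through the defining standard).
    """
    results = []
    for kind, oid, name in DEF_RE.findall(schema_text):
        arcs = tuple(int(a) for a in oid.split("."))
        under_pen = arcs[:len(PEN_ARC)] == PEN_ARC and len(arcs) > len(PEN_ARC)
        pen = arcs[len(PEN_ARC)] if under_pen else None
        results.append((kind.lower(), name, oid, pen))
    return results

if __name__ == "__main__":
    for kind, name, oid, pen in schema_origins(SAMPLE):
        origin = f"IANA enterprise number {pen}" if pen else "not under the PEN arc"
        print(f"{kind:13} {name:18} {oid:24} {origin}")
```

Running the same function over the old and the new server's schema files and comparing the results shows which definitions came from which registrant before anything is copied across.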