Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
DNS RFC 1035 6.1.2 describes a "catalog" that contains pointers to zone data. The same configuration mechanism makes sense for Kerberos so we will implement a realm catalog and ensure that DNS zone and Kerberos realm semantics are similar.
o apache.schema objectClass called apachedsServiceConfiguration
o STRUCTURAL objectClass MUST cn
o uses ExtensibleObject
o apacheKerberosConfiguration extends apacheServiceConfiguration
o OC apacheCatalogEntry is a mapping of a realm name attribute to a zoneBaseDN attribute
o name=example.com --> ou=users,dc=example,dc=com
o put a ou=realms under the configuration for a service instance
o add OC apacheCatalogEntry's
o pull all catalog entries into memory with a single level search under ou=realms
o use the zoneBaseDn with the InitialContextFactory. The nexus will figure out under what partition it is.