[389-users] Re: Schema Question
Rich Megginson
rmeggins at redhat.com
Wed Oct 21 15:30:44 UTC 2009
David Partridge wrote:
>
> We need to add in the pkiCA, pkiUser, and deltaCRL ObjectClasses to be
> in compliance with RFC 4523 to our DS builds.
>
>
>
> Are these subset of objectClasses from RFC 4523 for Compliance with
> RFC 4523? If these are correct I will continue this to make
> recommended changes for the Attribute and ObjectClasses defined in RFC
> 4523 for 00core.ldif in conjunction to my testing to propose to the
> 389 community.
>
Please do not edit 00core.ldif.
389 1.2.1 has a separate schema file for this schema now -
05rfc4523.ldif - if you upgrade to 1.2.3 it will automatically fix
existing schema to use this new schema file.
>
>
>
> objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate
> Authority' SUP top AUXILIARY MAY ( cACertificate $
> certificateRevocationList $ authorityRevocationList $
> crossCertificatePair ) X-ORIGIN 'RFC 4523' )
>
>
>
> objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP
> top AUXILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523')
>
>
>
> objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP
> top AUXILIARY MAY userCertificate X-ORIGIN 'RFC 4523')
>
>
>
> Thanks
>
>
>
> *David M. Partridge*
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20091021/f3759e1c/attachment.bin>
More information about the Fedora-directory-users
mailing list