Extending ADAM Schema with PKI objects

Buci

Dec 25, 2009, 5:05:23 AM

Hi,
I need to set up ADAM for publishing end entity certificates. I extended
the schema with the pkiUser object class according to RFC2587.
The class type is Auxiliary. I set up organizationalUnit as a Possible
Superior, but I cannot insert an object of that class into my
organizationalUnit.
I created a new pkiUser object class with the Structural class type, and
then I was able to insert data of that class into my ou. But the
inserted data has DN: CN=Name,OU=myOrgUnit,dc=domain,dc=com.
I want to insert data so that the attribute UID is mandatory and part of
the DN. Instead, CN is part of the DN, so I have a problem inserting
an entry with the same CN. The same user can have more than one
certificate.
Please, I need help with how to insert an entry of the pkiUser object class but with
DN: UID=unique_number,dc=myDomain.
What is the difference between the Structural and Auxiliary class types?

Thanks


--
Buci
------------------------------------------------------------------------
Buci's Profile: http://forums.techarena.in/members/167148.htm
View this thread: http://forums.techarena.in/active-directory/1286054.htm

http://forums.techarena.in

Lee Flight

Dec 28, 2009, 3:43:09 PM
Hi,

If you need the distinguishedName to have a relative DN of uid, then
you will need to create a class that supports that. If your pkiUser is an
auxiliary class to a User class in your ADAM instance, do you have the
scope to define your own user class that has uid as RDN? Is this ADAM
instance just to be used for the PKI objects?

Lee Flight



Buci

Dec 29, 2009, 4:18:07 AM

Yes, the ADAM instance will be used just for PKI objects and I want to
define my own PKI user class that has UID as RDN. Can I do that with
the ADAM Schema snap-in?


--
Buci
------------------------------------------------------------------------
Buci's Profile: http://forums.techarena.in/members/167148.htm

View this thread: http://forums.techarena.in/active-directory/1286062.htm

http://forums.techarena.in

Lee Flight

Jan 4, 2010, 7:27:38 AM
Hi,

You need to decide what you will be using as your user class.
Did you import a User class from one of the MS-supplied LDFs
or define your own? Looking at the thread, it seems like you defined
a pkiUser Structural class. If you have the LDF for that class, you
would need to modify it to have the rdnattid attribute as uid. For that
to work, you will also need to define a uid attribute in your schema.

It would be good to think about which approach to implementation is
going to be best for your deployment, as modifying the schema once in
production may be hard work. So, for example, if you have some standard
LDFs defining pkiUser as an auxiliary class, which seems to be what
RFC 4523 has, then perhaps the best approach for you would be to define
a user or inetOrgPerson that has uid as rdnattid and keep pkiUser as
auxiliary.

Lee Flight
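
The approach described in the reply above, as an added LDIF sketch that is not part of the original thread: a uid attribute, a structural class with uid as its RDN attribute, and pkiUser attached as an auxiliary class. The class name pkiEndEntity, the governsID OID and the sample entry are constructed placeholders; it assumes pkiUser already exists as an auxiliary class, that no imported LDF has already defined uid, and that the file is imported with ldifde using the `-c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext` substitution.

```ldif
# 1. uid attribute (standard OID from RFC 4519, Unicode string syntax).
dn: CN=uid,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
cn: uid
lDAPDisplayName: uid
attributeID: 0.9.2342.19200300.100.1.1
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE

# Reload the schema cache so the class below can reference uid.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# 2. Structural class (objectClassCategory 1) whose entries are named by uid.
#    rDNAttID has to be set when the class is created.
#    governsID is a placeholder: replace it with an OID from your own arc.
dn: CN=pkiEndEntity,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
cn: pkiEndEntity
lDAPDisplayName: pkiEndEntity
governsID: 1.3.6.1.4.1.99999.1.1
subClassOf: top
objectClassCategory: 1
rDNAttID: uid
mustContain: uid
auxiliaryClass: pkiUser
possSuperiors: organizationalUnit

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# 3. Constructed sample entry: the DN now starts with UID= instead of CN=.
dn: UID=1001,OU=myOrgUnit,DC=domain,DC=com
changetype: add
objectClass: pkiEndEntity
uid: 1001
```

To create entries directly under the partition root rather than under an OU, the object class of that root container would also have to be listed in possSuperiors.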
