Introduction
You can have realms anywhere in the directory information tree (DIT):
- Mark realm entries with the AUXILIARY objectClass 'krb5Realm'.
- Configure which partitions are "active" for realm serving. This prevents the protocol provider from searching partitions that do not contain Kerberos realms.
- Set "objectClass" and "krb5PrincipalName" as indexed attributes in your partition configuration.