Work in progress

This site is in the process of being reviewed and updated.

Introduction

You can have realms anywhere in the directory information tree (DIT):

  • Mark each realm entry by adding the AUXILIARY objectClass 'krb5Realm' to it.
  • Configure which partitions are "active" for realm serving. This prevents the protocol provider from searching partitions that do not contain Kerberos realms.
  • Set "objectClass" and "krb5PrincipalName" as indexed attributes in your partition configuration.