Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Extending ADAM Schema with PKI objects [message #352146] Fri, 25 December 2009 03:26
Buci (United States)
Messages: 3
Registered: December 2009
Junior Member
Hi,
I need to set up ADAM for publishing end entity certificates. I extended
the schema with the pkiUser object class according to RFC2587.
The class type is Auxiliary. I set up organizationalUnit as a Possible
Superior. But I cannot insert an object of that class into my
organizationalUnit.
I created a new pkiUser object class with Structural class type, and
then I was able to insert data of that class into my ou. But the
inserted data has DN: CN=Name,OU=myOrgUnit,dc=domain,dc=com.
I want to insert data so that the attribute UID is mandatory and part of
the DN. Instead of that, CN is part of the DN, so I have a problem inserting
an entry with the same CN. The same user can have more than one
certificate.
Please, I need help with how to insert an entry of the pkiUser object class but with
DN: UID=unique_number,dc=myDomain.
What is the difference between the Structural and Auxiliary class types?

Thanks


--
Buci
Re: Extending ADAM Schema with PKI objects [message #354081 is a reply to message #352146] Mon, 28 December 2009 13:43
Lee Flight (United Kingdom)
Messages: 392
Registered: July 2009
Senior Member
Hi,

If you need the distinguishedName to have a relative DN of uid, then
you will need to create a class that supports that. If your pkiUser is an
auxiliary class to a User class in your ADAM instance, do you have the
scope to define your own user class that has uid as RDN? Is this ADAM
instance just to be used for the PKI objects?

Lee Flight
Re: Extending ADAM Schema with PKI objects [message #354530 is a reply to message #354081] Tue, 29 December 2009 02:18
Buci (United States)
Messages: 3
Registered: December 2009
Junior Member
Yes, the ADAM instance will be used just for PKI objects and I want to
define my own PKI user class that has UID as RDN. Can I do that with
the ADAM Schema snap-in?


--
Buci
Re: Extending ADAM Schema with PKI objects [message #358588 is a reply to message #354530] Mon, 04 January 2010 05:27
Lee Flight (United Kingdom)
Messages: 392
Registered: July 2009
Senior Member
Hi,

You need to decide what you will be using as your user class:
did you import a User class from one of the MS-supplied LDFs
or define your own? Looking at the thread, it seems like you defined
a pkiUser Structural class. If you have the LDF for that class, you
would need to modify it to have the rdnattid attribute as uid; for that
to work you will also need to define a uid attribute in your schema.

It would be good to think about which approach to implementation is
going to be best for your deployment, as modifying the schema once in
production may be hard work. So, for example, if you have some standard
LDFs defining pkiUser as an auxiliary class, which seems to be what
RFC 4523 has, then perhaps the best approach for you would be to define
a user or inetOrgPerson that has uid as rdnattid and keep pkiUser as
auxiliary.

Lee Flight
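
The approach suggested in the reply above, written out as LDIF (an added example, not part of the original thread and not taken from a Microsoft-supplied LDF): a uid attribute, then a structural class named by uid that links pkiUser as an auxiliary class, then two entries sharing a CN. The class name examplePkiPerson and the governsID value are placeholders, pkiUser is assumed to exist already as an auxiliary class, and DC=X stands in for the instance's configuration naming context.

```ldif
# Added example, not from the thread. examplePkiPerson and governsID are
# placeholders; pkiUser is assumed to exist already as an auxiliary class.
dn: CN=uid,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
attributeID: 0.9.2342.19200300.100.1.1
lDAPDisplayName: uid
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: FALSE

# Reload the schema cache so the class below can reference uid
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# Structural class named by uid; pkiUser stays auxiliary and adds attributes
dn: CN=examplePkiPerson,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
governsID: <OID-FROM-YOUR-OWN-ARC>
lDAPDisplayName: examplePkiPerson
objectClassCategory: 1
subClassOf: top
rDNAttID: uid
mustContain: uid
mayContain: cn
possSuperiors: organizationalUnit
auxiliaryClass: pkiUser

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# Same cn, distinct uid RDNs: both entries can live in the same OU
dn: UID=1001,OU=myOrgUnit,DC=domain,DC=com
changetype: add
objectClass: examplePkiPerson
uid: 1001
cn: Name

dn: UID=1002,OU=myOrgUnit,DC=domain,DC=com
changetype: add
objectClass: examplePkiPerson
uid: 1002
cn: Name
```

Because rDNAttID is fixed when the class is created, this is worth trying on a scratch instance before the schema reaches production.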