David Partridge wrote:
We need to add in the pkiCA, pkiUser, and deltaCRL ObjectClasses to be
in compliance with RFC 4523 to our DS builds.
Are these subset of objectClasses from RFC 4523 for Compliance with
RFC 4523? If these are correct I will continue this to make
recommended changes for the Attribute and ObjectClasses defined in RFC
4523 for 00core.ldif in conjunction to my testing to propose to the
389 community.
Please do not edit 00core.ldif.
389 1.2.1 has a separate schema file for this schema now -
05rfc4523.ldif - if you upgrade to 1.2.3 it will automatically fix
existing schema to use this new schema file.
objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate
Authority' SUP top AUXILIARY MAY ( cACertificate $
certificateRevocationList $ authorityRevocationList $
crossCertificatePair ) X-ORIGIN 'RFC 4523' )
objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP
top AUXILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523')
objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP
top AUXILIARY MAY userCertificate X-ORIGIN 'RFC 4523')
Thanks
*David M. Partridge*