As it turns out, PADL's nss/pam ldap ships with a schema that does this very thing. On my RHEL4 system, there is a file called /usr/share/doc/nss_ldap-226/ldapns.schema which contains the following: # $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $ # LDAP Name Service Additional Schema # http://www.iana.org/assignments/gssapi-service-names attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService ) objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary object class for adding host attribute' SUP top AUXILIARY MAY host ) It's already a standard in the sense that it already has an official IANA OID assigned to the hostObject objectclass. It's been included with nss/pam ldap for years. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050826/862cf307/attachment.bin
