David Partridge wrote: > > We need to add in the pkiCA, pkiUser, and deltaCRL ObjectClasses to be > in compliance with RFC 4523 to our DS builds. > > > > Are these subset of objectClasses from RFC 4523 for Compliance with > RFC 4523? If these are correct I will continue this to make > recommended changes for the Attribute and ObjectClasses defined in RFC > 4523 for 00core.ldif in conjunction to my testing to propose to the > 389 community. > Please do not edit 00core.ldif. 389 1.2.1 has a separate schema file for this schema now - 05rfc4523.ldif - if you upgrade to 1.2.3 it will automatically fix existing schema to use this new schema file. > > > > objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate > Authority' SUP top AUXILIARY MAY ( cACertificate $ > certificateRevocationList $ authorityRevocationList $ > crossCertificatePair ) X-ORIGIN 'RFC 4523' ) > > > > objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP > top AUXILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523') > > > > objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP > top AUXILIARY MAY userCertificate X-ORIGIN 'RFC 4523') > > > > Thanks > > > > *David M. Partridge* > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20091021/f3759e1c/attachment.bin
