#29 Samba3-schema is missing sambaTrustedDomainPassword
Closed: Fixed None Opened 7 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=741599

Description of problem:
Samba has added a new objectClass sambaTrustedDomainPassword containing two new
attributes sambaClearTextPassword and sambaTrustedDomainPassword in version 3.2
for storing the domain trust. The samba3-schema 60samba3.ldif does not include
these, which makes it impossible to establish the domain trust without adding a
custom ldif.

How reproducible:
net rpc trustdom establish DOMAIN -d10 throws an error about missing
objectClass sambaTrustedDomainPassword

Actual results:
sambaTrustedDomainPassword is not present, net rpc trustdom establish dies with
an error

Expected results:
sambaTrustedDomainPassword is present, net rpc trustdom establish works

Additional info:
Adding the following custom schema, created from the samba3-schema provided with
samba3 for openldap, resolves the problem.

#
###############################################################################
#
#
dn: cn=schema
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.68
  NAME 'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.69
  NAME 'sambaPreviousClearTextPassword'
  DESC 'Previous clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
objectClasses: (
  1.3.6.1.4.1.7165.2.2.15
  NAME 'sambaTrustedDomainPassword'
  DESC 'Samba Trusted Domain Password'
  SUP top
  STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY  ( sambaPreviousClearTextPassword )
  )
#
###############################################################################
#
#

The problem also exists on Red Hat Directory Server 8.2, but fixing it upstream in
389 Directory Server will also result in a fix downstream, I hope.
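
A way to check whether a schema file already defines sambaTrustedDomainPassword and every attribute it references, as an added example that is not part of the ticket or the 389 Directory Server code. The function names, the `BASE` sample and its placeholder OIDs are constructed for illustration; `ADDON` is an abridged copy of the definitions above.

```python
import re
# Constructed stand-in for a pre-fix schema file; the 1.1.x OIDs are placeholders.
BASE = """dn: cn=schema
attributeTypes: ( 1.1.1 NAME 'sambaDomainName' SINGLE-VALUE )
attributeTypes: ( 1.1.2 NAME 'sambaSID' SINGLE-VALUE )
attributeTypes: ( 1.1.3 NAME 'sambaPwdLastSet' SINGLE-VALUE )
"""
# The ticket's definitions, abridged and folded (continuation lines start with a space).
ADDON = """attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
# comment lines are skipped
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY ( sambaPreviousClearTextPassword ) )
"""

def unfold(ldif):
    """Drop '#' comments and join continuation lines onto the previous line."""
    out = []
    for line in ldif.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def names(defn):
    m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", defn)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []
def attr_list(defn, keyword):
    m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|([\w-]+))", defn)
    items = (m.group(1) or m.group(2) or "") if m else ""
    return [a.strip() for a in items.split("$") if a.strip()]

def check(ldif, objectclass):
    """None if objectclass is undefined, else the attributes it needs that ldif lacks."""
    attrs, classes = set(), {}
    for line in unfold(ldif):
        key, _, defn = line.partition(":")
        if key.strip().lower() == "attributetypes":
            attrs.update(n.lower() for n in names(defn))
        elif key.strip().lower() == "objectclasses":
            for n in names(defn):
                classes[n.lower()] = attr_list(defn, "MUST") + attr_list(defn, "MAY")
    needed = classes.get(objectclass.lower())
    return None if needed is None else [a for a in needed if a.lower() not in attrs]
```

`check(BASE, ...)` returning `None` corresponds to the state reported here; the custom definitions on their own still depend on attributes from the rest of the Samba schema.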

A question...

60samba3.ldif is being added to 60upgradeschemafiles.pl.
ldap/admin/src/scripts/60upgradeschemafiles.pl
my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);

60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)

0001-Ticket-29-Samba3-schema-is-missing-sambaTrustedDomai.patch

Replying to [comment:5 nhosoi]:

A question...

60samba3.ldif is being added to 60upgradeschemafiles.pl.
ldap/admin/src/scripts/60upgradeschemafiles.pl
my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);

60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)

We can't update 60samba3.ldif because it is in sampledata_DATA. I've removed that from the diff. Users using 60samba3.ldif instead of 60samba.ldif will have to upgrade it manually.

To ssh://git.fedorahosted.org/git/389/ds.git
64d2bc6..b862b3c master -> master
commit changeset:b862b3c/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Jan 27 12:01:09 2012 -0700
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Add schema to 60samba3.ldif
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no

Added initial screened field value.

Metadata Update from @rmeggins:
- Issue assigned to rmeggins
- Issue set to the milestone: 1.2.10.rc1

2 years ago
