https://bugzilla.redhat.com/show_bug.cgi?id=741599
Description of problem:
Samba has added a new objectClass sambaTrustedDomainPassword containing two new attributes sambaClearTextPassword and sambaTrustedDomainPassword in version 3.2 for storing the domaintrust. The samba3-schema 60samba3.ldif does not include these, which makes it impossible to establish the domaintrust without adding a custom ldif.

How reproducible:
net rpc trustdom establish DOMAIN -d10 throws an error about missing objectClass sambaTrustedDomainPassword

Actual results:
sambaTrustedDomainPassword is not present, net rpc trustdom establish dies with an error

Expected results:
sambaTrustedDomainPassword is present, net rpc trustdom establish works

Additional info:
Adding the following custom schema, created from the samba3-schema provided with samba3 for openldap, resolves the problem.

###############################################################################
#
dn: cn=schema
###############################################################################
#
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
###############################################################################
#
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
###############################################################################
#
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) )
###############################################################################
#

Problem also exists on Red Hat Directory Server 8.2, but fixing it upstream in 389 Directory Server will result also in a fix downstream, I hope.
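A way to check whether a given schema file needs the manual addition described above, shown as an added example (not code from the ticket or from 389 Directory Server). It parses schema LDIF text and reports whether an objectClass is defined and whether every attribute in its MUST/MAY lists is defined too; the function names, the placeholder OIDs 0.0.0.x and the sample text are assumptions made for the illustration.

```python
import re

def unfold(text):
    # LDIF folds long lines onto continuation lines that start with one space
    joined = re.sub(r"\n ", "", text)
    return [l for l in joined.splitlines() if l and not l.startswith("#")]

def _list(line, keyword):
    bare = re.sub(r"'[^']*'", "''", line)  # ignore MUST/MAY inside DESC text
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w;-]+))", bare)
    found = (m.group(1) or m.group(2) or "") if m else ""
    return [n.strip() for n in found.split("$") if n.strip()]

def parse_schema(text):
    """Return (attribute names, {objectClass: (must, may)}), keys lowercased."""
    attrs, classes = set(), {}
    for line in unfold(text):
        kind = line.partition(":")[0].strip().lower()
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if not m:
            continue
        names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
        if kind == "attributetypes":
            attrs.update(n.lower() for n in names)
        elif kind == "objectclasses":
            for n in names:
                classes[n.lower()] = (_list(line, "MUST"), _list(line, "MAY"))
    return attrs, classes

def check_objectclass(text, name):
    """Report whether `name` is defined and which referenced attributes are not."""
    attrs, classes = parse_schema(text)
    must, may = classes.get(name.lower(), ([], []))
    undefined = [a for a in must + may if a.lower() not in attrs]
    return {"defined": name.lower() in classes, "undefined_attrs": undefined}

# Constructed sample: 0.0.0.x are placeholder OIDs for attributes an older schema
# file already has; the objectClasses value is the definition quoted in the ticket.
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 0.0.0.1 NAME 'sambaDomainName' )
attributeTypes: ( 0.0.0.2 NAME 'sambaSID' )
attributeTypes: ( 0.0.0.3 NAME 'sambaPwdLastSet' )
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' DESC 'Samba
  Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID $
  sambaClearTextPassword $ sambaPwdLastSet ) MAY ( sambaPreviousClearTextPassword ) )
"""

if __name__ == "__main__":
    print(check_objectclass(SAMPLE, "sambaTrustedDomainPassword"))
```

On the sample, the objectClass is found but the two clear-text password attributes are reported as undefined, which is the state of a file where only the objectClass line was copied in.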
A question...
60samba3.ldif is being added to 60upgradeschemafiles.pl.

ldap/admin/src/scripts/60upgradeschemafiles.pl:14
my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);

60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)
0001-Ticket-29-Samba3-schema-is-missing-sambaTrustedDomai.patch
Replying to [comment:5 nhosoi]:
> A question...
> 60samba3.ldif is being added to 60upgradeschemafiles.pl.
>
> ldap/admin/src/scripts/60upgradeschemafiles.pl:14
> my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);
>
> 60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)

We can't update 60samba3.ldif because it is in sampledata_DATA. I've removed that from the diff. Users using 60samba3.ldif instead of 60samba.ldif will have to upgrade it manually.
To ssh://git.fedorahosted.org/git/389/ds.git
64d2bc6..b862b3c master -> master
commit changeset:b862b3c/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Jan 27 12:01:09 2012 -0700

Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Add schema to 60samba3.ldif
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=788747
Added initial screened field value.
Metadata Update from @rmeggins: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.10.rc1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/29
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)