#29 Samba3-schema is missing sambaTrustedDomainPassword
Closed: wontfix. Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=741599

Description of problem:
Samba has added a new objectClass sambaTrustedDomainPassword containing two new
attributes sambaClearTextPassword and sambaTrustedDomainPassword in version 3.2
for storing the domain trust. The samba3-schema 60samba3.ldif does not include
these, which makes it impossible to establish the domain trust without adding a
custom ldif.

How reproducible:
net rpc trustdom establish DOMAIN -d10 throws an error about missing
objectClass sambaTrustedDomainPassword

Actual results:
sambaTrustedDomainPassword is not present, net rpc trustdom establish dies with
an error

Expected results:
sambaTrustedDomainPassword is present, net rpc trustdom establish works

Additional info:
Adding the following custom schema, created from the samba3-schema provided with
samba3 for openldap, resolves the problem.

#
###############################################################################
#
#
dn: cn=schema
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.68
  NAME 'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.69
  NAME 'sambaPreviousClearTextPassword'
  DESC 'Previous clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
objectClasses: (
  1.3.6.1.4.1.7165.2.2.15
  NAME 'sambaTrustedDomainPassword'
  DESC 'Samba Trusted Domain Password'
  SUP top
  STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY  ( sambaPreviousClearTextPassword )
  )
#
###############################################################################
#
#

Problem also exists on Red Hat Directory Server 8.2, but fixing it upstream in
389 Directory Server will also result in a fix downstream, I hope.
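
A way to check a schema LDIF for the gap this report describes, as an added example that is not part of the original report or of 389 Directory Server: it unfolds the LDIF, collects the attributeTypes and objectClasses definitions, and lists every attribute an objectClass references that nothing defines. The function names are hypothetical, the sample input is constructed, and sambaDomainName, sambaSID and sambaPwdLastSet are assumed to be defined in the rest of the schema file.

```python
import re

# Added illustration (hypothetical helper names). Constructed sample: sambaPreviousClearTextPassword left undefined.
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
  EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword'
  SUP top STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY ( sambaPreviousClearTextPassword ) )
"""

def unfold(text):
    """Join LDIF continuation lines (leading space) and drop '#' comments and blanks."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # RFC 2849: strip exactly one leading space
        else:
            lines.append(raw)
    return lines

def parse_schema(text):
    """Return (defined attribute names, {objectClass: referenced attrs}, stray lines)."""
    attrs, classes, stray = set(), {}, []
    for line in unfold(text):
        key, sep, value = line.partition(":")
        name = re.search(r"\bNAME\s+\(?\s*'([^']+)'", value)
        if not sep:
            stray.append(line)  # no "attr:" prefix, e.g. a ')' that lost its leading space
        elif key.lower() == "attributetypes" and name:
            attrs.add(name.group(1).lower())
        elif key.lower() == "objectclasses" and name:
            found = re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", value)
            classes[name.group(1)] = [a.strip() for g in found for a in (g[0] or g[1]).split("$")]
    return attrs, classes, stray

def missing_attrs(text, object_class, defined_elsewhere=()):
    """Attributes object_class references that nothing defines; None if the class is absent."""
    attrs, classes, stray = parse_schema(text)
    if stray:
        raise ValueError(f"stray line(s), likely a broken fold: {stray}")
    if object_class not in classes:
        return None
    known = attrs | {a.lower() for a in defined_elsewhere}
    return sorted(a for a in classes[object_class] if a.lower() not in known)
```

A `None` result corresponds to the failure in this report (the objectClass is not in the schema at all); a non-empty list means the class is present but references attributes that are not defined.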

A question...

60samba3.ldif is being added to 60upgradeschemafiles.pl.
ldap/admin/src/scripts/60upgradeschemafiles.pl
my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);

60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)

Replying to [comment:5 nhosoi]:

> A question...
>
> 60samba3.ldif is being added to 60upgradeschemafiles.pl.
> ldap/admin/src/scripts/60upgradeschemafiles.pl
> my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif 60samba3.ldif);
>
> 60samba3.ldif is in sampledata_DATA, not in schema_DATA in Makefile.am. Is it okay? Probably, it's okay since it's updated for the server that has 60samba3.ldif in the schema dir. I'd like to have the confirmation. :)

We can't update 60samba3.ldif because it is in sampledata_DATA. I've removed that from the diff. Users using 60samba3.ldif instead of 60samba.ldif will have to upgrade it manually.

To ssh://git.fedorahosted.org/git/389/ds.git
64d2bc6..b862b3c master -> master
commit changeset:b862b3c/389-ds-base
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Jan 27 12:01:09 2012 -0700
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Add schema to 60samba3.ldif
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no

Added initial screened field value.

Metadata Update from @rmeggins:
- Issue assigned to rmeggins
- Issue set to the milestone: 1.2.10.rc1

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/29

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
