741599 – Samba3-schema is missing sambaTrustedDomainPassword

Bug 741599 - Samba3-schema is missing sambaTrustedDomainPassword

Summary: Samba3-schema is missing sambaTrustedDomainPassword

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	389
Classification:	Retired
Component:	Schema
Sub Component:
Version:	1.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	389_1.3.0 690319
TreeView+	depends on / blocked

Reported:	2011-09-27 11:57 UTC by Dirk Götz
Modified:	2015-01-04 23:51 UTC (History)
CC List:	1 user (show)
Fixed In Version:	389-ds-base-1.2.10.rc1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-07 16:10:44 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dirk Götz 2011-09-27 11:57:58 UTC

Description of problem:
Samba has added a new objectClass sambaTrustedDomainPassword containing two new attributes sambaClearTextPassword and sambaTrustedDomainPassword in version 3.2 for storing the domaintrust. The samba3-schema 60samba3.ldif does not include these, what makes it impossible to establish the domaintrust without adding a custom ldif.

How reproducible:
net rpc trustdom establish DOMAIN -d10 throws an error about missing objectClass sambaTrustedDomainPassword

Actual results:
sambaTrustedDomainPassword is not present, net rpc trustdom establish dies with an error

Expected results:
sambaTrustedDomainPassword is present, net rpc trustdom establish works

Additional info: 
Adding following custom schema created from the samba3-schema provided with samba3 for openldap resolves the problem.

#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.68
  NAME 'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.69
  NAME 'sambaPreviousClearTextPassword'
  DESC 'Previous clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
################################################################################
#
objectClasses: (
  1.3.6.1.4.1.7165.2.2.15
  NAME 'sambaTrustedDomainPassword'
  DESC 'Samba Trusted Domain Password'
  SUP top
  STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY  ( sambaPreviousClearTextPassword )
  )
#
################################################################################
#

Problem also exists on Red Hat Directory Server 8.2, but fixing it upstream in 389 Directory Server will result also in a fix downstream, I hope.

Comment 4 Martin Kosek 2012-01-04 13:21:19 UTC

Upstream ticket:
https://fedorahosted.org/389/ticket/29

Comment 5 Rich Megginson 2012-02-07 16:10:44 UTC

Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing

Note You need to log in before you can comment on or make changes to this bug.