Bug 788747 - Samba3-schema is missing sambaTrustedDomainPassword
Status: CLOSED UPSTREAM
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Rich Megginson
QA Contact: IDM QE LIST
Reported: 2012-02-08 22:48 UTC by Rich Megginson
Modified: 2020-09-13 19:46 UTC

Doc Type: Bug Fix
Last Closed: 2012-02-29 16:54:19 UTC


Links:
Github 389ds 389-ds-base issues 29 (Priority: None, Status: None, Summary: None, Last Updated: 2020-09-13 19:46:14 UTC)

Description Rich Megginson 2012-02-08 22:48:42 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/29

https://bugzilla.redhat.com/show_bug.cgi?id=741599

{{{
Description of problem:
Samba has added a new objectClass sambaTrustedDomainPassword containing two new
attributes sambaClearTextPassword and sambaTrustedDomainPassword in version 3.2
for storing the domaintrust. The samba3-schema 60samba3.ldif does not include
these, which makes it impossible to establish the domaintrust without adding a
custom ldif.

How reproducible:
net rpc trustdom establish DOMAIN -d10 throws an error about missing
objectClass sambaTrustedDomainPassword

Actual results:
sambaTrustedDomainPassword is not present, net rpc trustdom establish dies with
an error

Expected results:
sambaTrustedDomainPassword is present, net rpc trustdom establish works

Additional info:
Adding the following custom schema, created from the samba3-schema provided with
samba3 for openldap, resolves the problem.

#
###############################################################################
#
#
dn: cn=schema
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.68
  NAME 'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
attributeTypes: (
  1.3.6.1.4.1.7165.2.1.69
  NAME 'sambaPreviousClearTextPassword'
  DESC 'Previous clear text password (used for trusted domain passwords)'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  )
#
###############################################################################
#
#
objectClasses: (
  1.3.6.1.4.1.7165.2.2.15
  NAME 'sambaTrustedDomainPassword'
  DESC 'Samba Trusted Domain Password'
  SUP top
  STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY  ( sambaPreviousClearTextPassword )
  )
#
###############################################################################
#
#

Problem also exists on Red Hat Directory Server 8.2, but fixing it upstream in
389 Directory Server will result also in a fix downstream, I hope.
}}}
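
A way to check a schema file for the gap this report describes, as an added example (not code from the ticket or from 389-ds-base): it unfolds the LDIF, then reports whether `sambaTrustedDomainPassword` is defined and which attributes it references are never defined in the same text. `STOCK` is a constructed stand-in with placeholder OIDs, `CUSTOM` is the report's schema condensed, and the function names are hypothetical.

```python
import re

def logical_lines(ldif):
    """Unfold LDIF (RFC 2849): a line that starts with a space continues the previous one."""
    out = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        elif raw.strip():
            out.append(raw)
    return [line for line in out if not line.startswith("#")]

def parse_schema(ldif):
    """Return (defined attribute names, {objectClass: attributes it references}), lower-cased."""
    attrs, classes = set(), {}
    for line in logical_lines(ldif):
        kind = line.partition(":")[0].strip().lower()
        name_part = re.search(r"NAME\s+(\([^)]*\)|'[^']*')", line)
        if kind not in ("attributetypes", "objectclasses") or name_part is None:
            continue
        names = [n.lower() for n in re.findall(r"'([^']*)'", name_part.group(1))]
        if kind == "attributetypes":
            attrs.update(names)
            continue
        bare = re.sub(r"'[^']*'", "", line)  # drop NAME/DESC strings before matching keywords
        lists = re.findall(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w-]+)", bare)
        refs = {a.strip().lower() for grp in lists for a in grp.strip("()").split("$") if a.strip()}
        for n in names:
            classes[n] = refs
    return attrs, classes

def audit(ldif, object_class):
    """(is the class defined?, attributes it references that the schema text never defines)"""
    attrs, classes = parse_schema(ldif)
    refs = classes.get(object_class.lower())
    return (False, []) if refs is None else (True, sorted(refs - attrs))

# Constructed stand-in for the stock schema: placeholder OIDs, three attributes only.
STOCK = "dn: cn=schema\n" + "".join(
    f"attributeTypes: ( 0.0.0.{i} NAME '{n}' )\n"
    for i, n in enumerate(["sambaDomainName", "sambaSID", "sambaPwdLastSet"]))
# The report's custom schema, condensed (SYNTAX and DESC omitted); note the folded lines.
CUSTOM = """attributeTypes: ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' )
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' )
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword'
  SUP top STRUCTURAL
  MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet )
  MAY ( sambaPreviousClearTextPassword ) )
"""
```

To audit a real file, pass its contents as the first argument to `audit` in place of the constructed strings.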

Comment 1 Nathan Kinder 2012-02-29 16:54:19 UTC
Closing this, as we do not need a RHEL clone bug for this since this is not QE tested functionality.

