design for storing trusted domain passwords in ldap

Rafal Szczesniak mimir at
Wed Jan 17 21:13:58 GMT 2007

On Wed, Jan 17, 2007 at 12:22:10PM -0500, simo wrote:
> On Wed, 2007-01-17 at 17:28 +0100, Volker Lendecke wrote:
> > On Wed, Jan 17, 2007 at 02:51:06PM +0100, Michael Adam wrote:
> > > Attached, find a patch with these changes to the schema file.
> > > 
> > > Are there any opinions about this?
> > 
> > As told face-to-face, I'd say this looks sane.
> > 
> > Jerry, Simo?
> Except for the Description of 'sambaTrustedDomainName' which have 'the'
> and 'own' reversed it seem ok to me.
> I have a question.
> This object will hold just one way of the trust.
> I seem it would make sense to have it so that both ways of the trust are
> held in the same object.
> But it is obviously not in this proposal, is there a reason for that?

As Jerry said, the opposite direction of trust is stored in passdb _and_
this is not how NT trusts are constructed. ADS trusts are bidirectional,
not NT.

Rafal Szczesniak
Samba Team member

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :

More information about the samba-technical mailing list