design for storing trusted domain passwords in ldap
mimir at samba.org
Wed Jan 17 21:13:58 GMT 2007
On Wed, Jan 17, 2007 at 12:22:10PM -0500, simo wrote:
> On Wed, 2007-01-17 at 17:28 +0100, Volker Lendecke wrote:
> > On Wed, Jan 17, 2007 at 02:51:06PM +0100, Michael Adam wrote:
> > > Attached, find a patch with these changes to the schema file.
> > >
> > > Are there any opinions about this?
> > As told face-to-face, I'd say this looks sane.
> > Jerry, Simo?
> Except for the Description of 'sambaTrustedDomainName' which have 'the'
> and 'own' reversed it seem ok to me.
> I have a question.
> This object will hold just one way of the trust.
> I seem it would make sense to have it so that both ways of the trust are
> held in the same object.
> But it is obviously not in this proposal, is there a reason for that?
As Jerry said, the opposite direction of trust is stored in passdb _and_
this is not how NT trusts are constructed. ADS trusts are bidirectional,
Samba Team member http://www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20070117/0640e8e6/attachment.bin
More information about the samba-technical