design for storing trusted domain passwords in ldap
Michael Adam
ma at sernet.de
Thu Jan 18 21:52:24 GMT 2007
On Thu, Jan 18, 2007, Gerald (Jerry) Carter wrote:
> Volker Lendecke wrote:
> > On Thu, Jan 18, 2007 at 07:15:57AM -0600, Gerald (Jerry) Carter wrote:
> >> But you need the ldap suffix set correctly for other things.
> >> My preference is to simply associate the trust information
> >> with the parent DN (sambaDomainName container).
> >
> > So no "ldap trust suffix"? Just
> > "cn=trusteddomname,<sambadomaindn>"? I'm fine with that.
>
> No. Let's not make it harder to set up a Samba/LDAP combination.
Ok, then I drop the sambaTrustedDomainName attribute.
Here is the updated patch to the schema file.
Michael
--
Michael Adam, SerNet Service Network GmbH
phone: +49-551-370000-0, fax: +49-551-370000-9
-------------- next part --------------
Index: examples/LDAP/samba.schema
===================================================================
--- examples/LDAP/samba.schema (revision 20880)
+++ examples/LDAP/samba.schema (working copy)
@@ -501,6 +501,15 @@
MAY ( sambaSID $ sambaPwdLastSet ))
##
+## Trust password for trusted domains
+## (to be stored beneath the trusting sambaDomain object in the DIT)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
+ DESC 'Samba Trusted Domain Password'
+ MUST ( sambaDomainName $ sambaSID $
+ sambaNTPassword $ sambaPwdLastSet ))
+
+##
## Whole-of-domain info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
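Review bot: The MUST list of sambaTrustedDomainPassword has no cn and the class has no MAY clause, so with "SUP top STRUCTURAL" an entry cannot be named "cn=trusteddomname,<sambadomaindn>" as proposed earlier in the thread; the only naming attribute the class itself permits is sambaDomainName. Either allow cn in the class or state the intended RDN in the "## Trust password for trusted domains" comment block, so that tools and administrators create the entries consistently. The same comment should say which domain's SID sambaSID carries in these entries and what sambaNTPassword holds, and since that attribute is credential material for the trust, a line noting that directory ACLs need to restrict read access to it beneath the sambaDomain object would be worth adding.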