design for storing trusted domain passwords in ldap

Andrew Bartlett abartlet at
Sat Jan 20 07:58:27 GMT 2007

On Thu, 2007-01-18 at 23:57 +0100, Michael Adam wrote:
> Hi Andrew,
> On Fri, Jan 19, 2007, Andrew Bartlett wrote:
> > 
> > We should store the previous password, so we can bind to a DC in the
> > remote domain, that is a little slow on the uptake.  (Yes, we also need
> > logic to use the previous password, both in trusted domain and member
> > server code).  
> Do you think of storing the previous password (and maybe more
> of the history) as an additional nt password attribute (or as 
> a sambaPasswordHistory attribute) of the sambaTrustedDomainPassword
> object or rather as an object of its own like sambaTrustedDomainLastPassword 
> or even sambaTrustedDomainPasswordHistory?

The password cannot be stored as an additional value in an existing
attribute, as these are unsorted in LDAP.  We will need a new LDAP

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list