r25088: Change the objectclass sambaTrustedDomainPassword to

have the current and possibly the previous trust password
stored as clear text passwords. (Previous use of NTPassword
was a mistake - this is a hash value.)

Michael
(This used to be commit 0beae52ff469903adbfefdffd93a34bb7ad7d68d)

1 files changed, 13 insertions, 1 deletions

diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
index 31a7a67b8e..1818ca971f 100644
--- a/examples/LDAP/samba.schema
+++ b/examples/LDAP/samba.schema
@@ -457,6 +457,17 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
 	EQUALITY integerMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+	DESC 'Clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	1.3.6.1.4.1.1466.115.121.1.40 )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
+	DESC 'Previous clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	1.3.6.1.4.1.1466.115.121.1.40 )
 
 
 
@@ -507,7 +518,8 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTUR
 objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
 	DESC 'Samba Trusted Domain Password'
 	MUST ( sambaDomainName $ sambaSID $
-	       sambaNTPassword $ sambaPwdLastSet ))
+	       sambaClearTextPassword $ sambaPwdLastSet )
+	MAY  ( sambaPreviousClearTextPassword ))
 
 ##
 ## Whole-of-domain info