From c6df77f63f2fc8bb706c6d97d6da139b11f24107 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 11 Sep 2007 16:25:47 +0000
Subject: r25088: Change the objectclass sambaTrustedDomainPassword to have the
 current and possibly the previous trust password stored as clear text
 passwords. (Previous use of NTPassword was a mistake - this is a hash value.)

Michael
(This used to be commit 0beae52ff469903adbfefdffd93a34bb7ad7d68d)
---
 examples/LDAP/samba.schema | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'examples/LDAP')

diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
index 31a7a67b8e..1818ca971f 100644
--- a/examples/LDAP/samba.schema
+++ b/examples/LDAP/samba.schema
@@ -457,6 +457,17 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
 	EQUALITY integerMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+	DESC 'Clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	1.3.6.1.4.1.1466.115.121.1.40 )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
+	DESC 'Previous clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	1.3.6.1.4.1.1466.115.121.1.40 )
 
 
 
@@ -507,7 +518,8 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTUR
 objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
 	DESC 'Samba Trusted Domain Password'
 	MUST ( sambaDomainName $ sambaSID $
-	       sambaNTPassword $ sambaPwdLastSet ))
+	       sambaClearTextPassword $ sambaPwdLastSet )
+	MAY  ( sambaPreviousClearTextPassword ))
 
 ##
 ## Whole-of-domain info
-- 
cgit