Bug 4406 - eDirectory / schema def. sambaPasswordHistory and sambaPwdMustChange
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: smbclient
Version: 3.0.20b
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assigned To: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2007-02-22 09:05 UTC by Norbert Kasperczyk-Borgmann
Modified: 2007-02-26 09:21 UTC

Description Norbert Kasperczyk-Borgmann 2007-02-22 09:05:31 UTC
As described in bug https://bugzilla.samba.org/show_bug.cgi?id=3058,
there are some problems using Samba with eDirectory.
I used eDirectory (8.7.3 SP8 and 8.8 SP1 from the Novell download)
and samba-3.0.20b-3.14 / samba-client-3.0.20b-3.4 from SLES9.
I believe the problem exists in earlier versions of Samba as well.

We have an x86_64 machine (AMD Opteron) with SLES9 (actual patches).

Two schema files are shipped with samba-client-3.0:
1) /etc/openldap/schema/samba3.schema
2) /usr/share/samba/LDAP/samba-nds.schema

In the file samba3.schema there is a problem with the attribute sambaPasswordHistory,
which is sized to 32 bytes, but it needs 1024 bytes if you want to migrate
your accounts from OpenLDAP to Edir.
OpenLDAP does not check the value of an attribute as accurately as Edir does.
In the file samba-nds.schema the definition for this attribute is OK.

In both schema files there is a problem with sambaPwdMustChange, which has
a syntax resulting in the type integer.

For Edir (8.7.3 SP8 and 8.8 SP1) an integer has 32 bits even if it's
running on a 64-bit machine. For Samba an integer is 64 bits.
If you want to migrate accounts (or just try to create a new one),
Samba tries to write the (default) value 9223372036854775807 for
sambaPwdMustChange as a big 64-bit integer that doesn't fit in the 32-bit
integer of Edir. So the ldapadd from Samba to Edir returns an error.

I resolved the problem by giving sambaPwdMustChange the syntax 1.3.6.1.4.1.1466.115.121.1.36{19} (Numeric String sized to 19 bytes).

That's not a clean solution (a Numeric String isn't an integer), but I didn't
need any changes to Samba, I just work with Samba out of the 'SLES box'.

Is there someone from the Samba team who can give the schema files
an appropriate change?
People who would like to use Edir as LDAP would succeed more easily.
Comment 1 Volker Lendecke 2007-02-26 03:23:15 UTC
Just attach your diffs here, that's the best place.

Volker
Comment 2 Norbert Kasperczyk-Borgmann 2007-02-26 09:21:26 UTC
The following output of 'diff' is from the file
/usr/share/samba/LDAP/samba-nds.schema
and a second file in which I made the change for sambaPwdMustChange.

57c57
< attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
---
> attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{19} SINGLE-VALUE )
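
Review bot: In the replacement line, EQUALITY caseIgnoreIA5Match is paired with SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 (Numeric String), but that matching rule is defined for IA5 String values; the equality rule RFC 4517 defines for Numeric String is numericStringMatch, so I would use that here if eDirectory accepts it. The {19} bound is just large enough for the 19-digit default 9223372036854775807 quoted in the description, with no headroom. Because the old line used integerMatch, it is also worth a comment in the schema file saying that sambaPwdMustChange is now compared as a string rather than as a number.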

For the EQUALITY I'm not sure if it is the best solution.
I made the definition for this attribute directly with 'iManager' (a web-based tool from Novell).
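
The following pre-migration check is an added example, not part of the bug report or of Samba: it parses the two sambaPwdMustChange definitions from the diff and tests values against each syntax. The function names are hypothetical, the signed 32-bit range for eDirectory's Integer is an assumption based on the report's "32 Bit" statement, and the value 1172134800 is constructed.

```python
import re

# Syntax OIDs quoted in the report and its diff.
SYNTAX_INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"
SYNTAX_NUMERIC_STRING = "1.3.6.1.4.1.1466.115.121.1.36"
# The report says eDirectory stores Integer values in 32 bits.
# Assumption: that means the signed 32-bit range.
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

# The two definitions of sambaPwdMustChange from the diff in comment 2.
ORIGINAL = ("attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' "
            "DESC 'Timestamp of when the password will expire' EQUALITY integerMatch "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )")
PATCHED = ("attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' "
           "DESC 'Timestamp of when the password will expire' EQUALITY caseIgnoreIA5Match "
           "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{19} SINGLE-VALUE )")

ATTR_RE = re.compile(
    r"NAME\s+'(?P<name>[^']+)'.*?SYNTAX\s+(?P<oid>[\d.]+)(?:\{(?P<bound>\d+)\})?")

def parse_attribute_type(definition):
    """Return (name, syntax OID, length bound or None) for one definition."""
    m = ATTR_RE.search(definition)
    if m is None:
        raise ValueError("no NAME/SYNTAX pair found")
    return m["name"], m["oid"], int(m["bound"]) if m["bound"] else None

def check_value(definition, value):
    """Return None if the value fits the definition, else the reason it does not."""
    name, oid, bound = parse_attribute_type(definition)
    if oid == SYNTAX_INTEGER:
        if not re.fullmatch(r"-?[0-9]+", value):
            return f"{name}: {value!r} is not an integer"
        if not INT32_MIN <= int(value) <= INT32_MAX:
            return f"{name}: {value} does not fit a 32-bit Integer"
    elif oid == SYNTAX_NUMERIC_STRING:
        if not re.fullmatch(r"[0-9 ]+", value):  # RFC 4517: digits and spaces
            return f"{name}: {value!r} is not a Numeric String"
        if bound is not None and len(value) > bound:
            return f"{name}: {len(value)} characters exceeds the bound of {bound}"
    else:
        return f"{name}: syntax {oid} is not handled by this check"
    return None

if __name__ == "__main__":
    for value in ("9223372036854775807", "1172134800"):  # second value is constructed
        for label, definition in (("original", ORIGINAL), ("patched", PATCHED)):
            print(label, value, check_value(definition, value) or "ok")
```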