11 dn: flatname=${DOMAIN},CN=Primary Domains
13 objectClass: primaryDomain
14 objectClass: kerberosSecret
17 secret: ${MACHINEPASS}
19 sAMAccountName: ${NETBIOSNAME}$
20 whenCreated: ${LDAPTIME}
21 whenChanged: ${LDAPTIME}
22 msDS-KeyVersionNumber: 1
23 objectSid: ${DOMAINSID}
24 privateKeytab: ${SECRETS_KEYTAB}
26 # A hook from our credentials system into HDB, as we must be on a KDC,
27 # we can look directly into the database.
28 dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
31 objectClass: kerberosSecret
34 sAMAccountName: krbtgt
35 whenCreated: ${LDAPTIME}
36 whenChanged: ${LDAPTIME}
37 objectSid: ${DOMAINSID}
38 servicePrincipalName: kadmin/changepw
39 krb5Keytab: HDB:ldb:${SAM_LDB}:
40 #The trailing : here is a HACK, but it matches the Heimdal format.