Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Thu, 11 Sep 2014 02:49:54 -0700 

Hi Andre,
your samba 4 is compiled against "mozldap" utilities (like OI does: https://github.com/OpenIndiana/oi-userland/blob/70e9836ac11a90774a4aa54e0bfdfa2e0b703fae/components/samba/samba30/Makefile) 

You have to specify to configure procedure path to openldap libraries instead 
(use '-with-ldap' with path):
looks like you can define variable LDAP_LIBS="-lliblber -llibldap" before 
configure is running.

So, how do you configured (compiled) samba 4?

Regards.
Predrag Zečević

On 09/11/14 11:29 AM, Andre Kruger wrote:

Hi

I have two test systems:

1. I installed Samba from the repos using the package manager.
2. I compiled Samba from source using the latest tarball on samba.org which was 
4.1.11.

Both of them behave the same, but I have to note that on system 2 I did not specify to 
the "configure" script to use any specific ldap client library. I mainly let it 
do its own thing.

Looking at the below I can't tell which ldapsearch Samba is using:


ldd /usr/local/samba/bin/net | grep ldap
         libsmbldap.so.0 =>       /usr/local/samba/lib/libsmbldap.so.0
         libldap.so.5 =>  /usr/lib/libldap.so.5
         libcli-ldap-common.so =>         
/usr/local/samba/lib/private/libcli-ldap-common.so
         libcli_cldap.so =>       /usr/local/samba/lib/private/libcli_cldap.so
         libsmbldaphelper.so =>   
/usr/local/samba/lib/private/libsmbldaphelper.so

pkg search -l /usr/lib/libldap.so.5
INDEX      ACTION VALUE                PACKAGE
path       file   usr/lib/libldap.so.5 pkg:/system/library@0.5.11-0.151.1.8


Regards
André


-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator] 
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 11:20
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Hi,

I was to fast:
$ ldd /usr/bin/net | grep ldap
          libldap60.so =>  /usr/lib/libldap60.so

$ pkg search -l /usr/lib/libldap60.so
INDEX      ACTION VALUE                PACKAGE
path       link   usr/lib/libldap60.so 
pkg:/library/samba/libsmbclient@3.6.22-2014.1.0.0

So, I guess Samba utilities are compiled against SunOS ldap utilities 
(Netscape).

You might need to compile it yourself and use openldap utilities.

I might be wrong, but that is my impression.

Regards.
Predrag Zečević

On 09/11/14 11:08 AM, Andre Kruger wrote:

Hi

I do have the library/openldap package installed,

pkg list -a | grep ldap
SUNWapu13-ldap                                    1.3.9-0.133                --r
SUNWopenldap                                      2.4.11-0.133               --r
library/apr-util-13/apr-ldap                      1.5.2-0.151.1.8            i--
library/openldap                                  2.4.34-0.151.1.8           i--
naming/ldap                                       0.5.11-0.151.1.8           i--
service/network/ldap/opends (opensolaris.org)     2.2.0-0.111                i--
web/library/apache/apr-util-13/apr-ldap           1.3.9-0.134                --r

And searching for the ldapsearch pakage on my system gives the following:

pkg search -l ldapsearch
INDEX      ACTION VALUE                                 PACKAGE
basename   link   usr/lib/openldap/bin/amd64/ldapsearch 
pkg:/library/openldap@2.4.34-0.151.1.8
basename   link   usr/lib/openldap/bin/ldapsearch       
pkg:/library/openldap@2.4.34-0.151.1.8
basename   file   usr/bin/ldapsearch                    
pkg:/naming/ldap@0.5.11-0.151.1.8
basename   file   usr/opends/bin/ldapsearch             
pkg:/service/network/ldap/opends@2.2.0-0.111


pkg search -l openldapsearch
INDEX      ACTION VALUE                        PACKAGE
basename   file   usr/bin/amd64/openldapsearch 
pkg:/library/openldap@2.4.34-0.151.1.8
basename   file   usr/bin/openldapsearch       
pkg:/library/openldap@2.4.34-0.151.1.8


I understand what you are saying but I don't know how I should use the 
information. Can you please explain. I don't see where/how I can choose between 
using ldapsearch or openldapsearch?

When I (try to)join my Samba server to the domain I use the Samba "net ads 
join" command and that does its own thing.


Regards
André



-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 10:12
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Hi,

I guess OI has 2 versions of ldap:
a) SunOS one
b) OpenLDAP

You might want to use (for example) openldapsearch command instead of
ldapsearch [NOTE 'open' prefix]

$ pkg search -l ldapsearch
INDEX      ACTION VALUE                                            PACKAGE
basename   file   usr/share/bash-completion/completions/ldapsearch 
pkg:/utility/bash-completion@2.1-2014.0.1.0
basename   file   usr/bin/ldapsearch                               
pkg:/naming/ldap@0.5.11-2014.1.2.14627
basename   link   usr/lib/openldap/bin/amd64/ldapsearch            
pkg:/library/openldap@2.4.39-2014.1.2.2
basename   link   usr/lib/openldap/bin/ldapsearch                  
pkg:/library/openldap@2.4.39-2014.1.2.2

So, you might need to install library/openldap package and add 
/usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name 
'ldapsearch') **or** use commands specifying 'open' prefix:

$ pkg search -l openldapsearch
INDEX      ACTION VALUE                        PACKAGE
basename   file   usr/bin/amd64/openldapsearch 
pkg:/library/openldap@2.4.39-2014.1.2.2
basename   file   usr/bin/openldapsearch       
pkg:/library/openldap@2.4.39-2014.1.2.2

$ ldd /usr/lib/openldap/bin/ldapsearch
           libldap-2.4.so.2 =>      /usr/lib/libldap-2.4.so.2
           liblber-2.4.so.2 =>      /usr/lib/liblber-2.4.so.2
           libsasl.so.1 =>  /usr/lib/libsasl.so.1
           libnsl.so.1 =>   /lib/libnsl.so.1
           libc.so.1 =>     /lib/libc.so.1
           libresolv.so.2 =>        /lib/libresolv.so.2
           libsocket.so.1 =>        /lib/libsocket.so.1
           libssl.so.1.0.0 =>       /lib/libssl.so.1.0.0
           libcrypto.so.1.0.0 =>    /lib/libcrypto.so.1.0.0
           libmd.so.1 =>    /lib/libmd.so.1
           libmp.so.2 =>    /lib/libmp.so.2
           libdl.so.1 =>    /lib/libdl.so.1
           libgcc_s.so.1 =>         /usr/lib/libgcc_s.so.1
           libm.so.2 =>     /lib/libm.so.2

HTH
Regards.
Predrag Zečević

On 09/11/14 10:03 AM, Andre Kruger wrote:

I don't think this is a Samba problem I am only providing the info to help the 
reader understand where I am coming from.

I am trying to join my Samba server to my domain. This previously worked but 
our AD admins enabled LDAPS on the DCs which broke the connection. Upon 
retrying to join the domain, running the samba join command in debug mode I get 
the following:


Successfully contacted LDAP server 1.1.1.1 Connected to LDAP server
DC1.ad.domain.com StartTLS not supported by LDAP client libraries!


Is StartTLS supported by the ldap client we have in OI?

According to this site earlier versions of Solaris did not support it yet so I 
am not sure if it is supported on the current release of OI.

http://www.informit.com/articles/article.aspx?p=30339&seqNum=3

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zece...@2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                         65812 Bad Soden am Taunus, Germany Company 
registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
According to the latest official figures, 43% of all statistics are totally 
worthless.

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zece...@2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                        65812 Bad Soden am Taunus, Germany Company 
registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
Happiness is twin floppies.

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss



--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zece...@2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail 
Installation Guide"

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss






















					Reply via email to