Hi Predrag The only option that I passed to the configure script was "--with-shared-modules=idmap_ad". I left the rest on the defaults as it looked to satisfy my needs.
Are you saying I should pass another option to my configure script "--with-ldap=/usr/lib/openldap/bin"? I am using the correct path? Regards André -----Original Message----- From: Predrag Zecevic [Unix Systems Administrator] [mailto:predrag.zece...@2e-systems.com] Sent: 11 September 2014 11:49 To: openindiana-discuss@openindiana.org Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support Hi Andre, your samba 4 is compiled against "mozldap" utilities (like OI does: https://github.com/OpenIndiana/oi-userland/blob/70e9836ac11a90774a4aa54e0bfdfa2e0b703fae/components/samba/samba30/Makefile) You have to specify to configure procedure path to openldap libraries instead (use '-with-ldap' with path): looks like you can define variable LDAP_LIBS="-lliblber -llibldap" before configure is running. So, how do you configured (compiled) samba 4? Regards. Predrag Zečević On 09/11/14 11:29 AM, Andre Kruger wrote: > Hi > > I have two test systems: > > 1. I installed Samba from the repos using the package manager. > 2. I compiled Samba from source using the latest tarball on samba.org which > was 4.1.11. > > Both of them behave the same, but I have to note that on system 2 I did not > specify to the "configure" script to use any specific ldap client library. I > mainly let it do its own thing. > > Looking at the below I can't tell which ldapsearch Samba is using: > > > ldd /usr/local/samba/bin/net | grep ldap > libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0 > libldap.so.5 => /usr/lib/libldap.so.5 > libcli-ldap-common.so => > /usr/local/samba/lib/private/libcli-ldap-common.so > libcli_cldap.so => /usr/local/samba/lib/private/libcli_cldap.so > libsmbldaphelper.so => > /usr/local/samba/lib/private/libsmbldaphelper.so > > pkg search -l /usr/lib/libldap.so.5 > INDEX ACTION VALUE PACKAGE > path file usr/lib/libldap.so.5 pkg:/system/library@0.5.11-0.151.1.8 > > > Regards > André > > > -----Original Message----- > From: Predrag Zecevic [Unix Systems Administrator] > [mailto:predrag.zece...@2e-systems.com] > Sent: 11 September 2014 11:20 > To: openindiana-discuss@openindiana.org > Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support > > Hi, > > I was to fast: > $ ldd /usr/bin/net | grep ldap > libldap60.so => /usr/lib/libldap60.so > > $ pkg search -l /usr/lib/libldap60.so > INDEX ACTION VALUE PACKAGE > path link usr/lib/libldap60.so > pkg:/library/samba/libsmbclient@3.6.22-2014.1.0.0 > > So, I guess Samba utilities are compiled against SunOS ldap utilities > (Netscape). > > You might need to compile it yourself and use openldap utilities. > > I might be wrong, but that is my impression. > > Regards. > Predrag Zečević > > On 09/11/14 11:08 AM, Andre Kruger wrote: >> Hi >> >> I do have the library/openldap package installed, >> >> pkg list -a | grep ldap >> SUNWapu13-ldap 1.3.9-0.133 >> --r >> SUNWopenldap 2.4.11-0.133 >> --r >> library/apr-util-13/apr-ldap 1.5.2-0.151.1.8 >> i-- >> library/openldap 2.4.34-0.151.1.8 >> i-- >> naming/ldap 0.5.11-0.151.1.8 >> i-- >> service/network/ldap/opends (opensolaris.org) 2.2.0-0.111 >> i-- >> web/library/apache/apr-util-13/apr-ldap 1.3.9-0.134 >> --r >> >> And searching for the ldapsearch pakage on my system gives the following: >> >> pkg search -l ldapsearch >> INDEX ACTION VALUE PACKAGE >> basename link usr/lib/openldap/bin/amd64/ldapsearch >> pkg:/library/openldap@2.4.34-0.151.1.8 >> basename link usr/lib/openldap/bin/ldapsearch >> pkg:/library/openldap@2.4.34-0.151.1.8 >> basename file usr/bin/ldapsearch >> pkg:/naming/ldap@0.5.11-0.151.1.8 >> basename file usr/opends/bin/ldapsearch >> pkg:/service/network/ldap/opends@2.2.0-0.111 >> >> >> pkg search -l openldapsearch >> INDEX ACTION VALUE PACKAGE >> basename file usr/bin/amd64/openldapsearch >> pkg:/library/openldap@2.4.34-0.151.1.8 >> basename file usr/bin/openldapsearch >> pkg:/library/openldap@2.4.34-0.151.1.8 >> >> >> I understand what you are saying but I don't know how I should use the >> information. Can you please explain. I don't see where/how I can choose >> between using ldapsearch or openldapsearch? >> >> When I (try to)join my Samba server to the domain I use the Samba "net ads >> join" command and that does its own thing. >> >> >> Regards >> André >> >> >> >> -----Original Message----- >> From: Predrag Zecevic [Unix Systems Administrator] >> [mailto:predrag.zece...@2e-systems.com] >> Sent: 11 September 2014 10:12 >> To: openindiana-discuss@openindiana.org >> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support >> >> Hi, >> >> I guess OI has 2 versions of ldap: >> a) SunOS one >> b) OpenLDAP >> >> You might want to use (for example) openldapsearch command instead of >> ldapsearch [NOTE 'open' prefix] >> >> $ pkg search -l ldapsearch >> INDEX ACTION VALUE PACKAGE >> basename file usr/share/bash-completion/completions/ldapsearch >> pkg:/utility/bash-completion@2.1-2014.0.1.0 >> basename file usr/bin/ldapsearch >> pkg:/naming/ldap@0.5.11-2014.1.2.14627 >> basename link usr/lib/openldap/bin/amd64/ldapsearch >> pkg:/library/openldap@2.4.39-2014.1.2.2 >> basename link usr/lib/openldap/bin/ldapsearch >> pkg:/library/openldap@2.4.39-2014.1.2.2 >> >> So, you might need to install library/openldap package and add >> /usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name >> 'ldapsearch') **or** use commands specifying 'open' prefix: >> >> $ pkg search -l openldapsearch >> INDEX ACTION VALUE PACKAGE >> basename file usr/bin/amd64/openldapsearch >> pkg:/library/openldap@2.4.39-2014.1.2.2 >> basename file usr/bin/openldapsearch >> pkg:/library/openldap@2.4.39-2014.1.2.2 >> >> $ ldd /usr/lib/openldap/bin/ldapsearch >> libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 >> liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 >> libsasl.so.1 => /usr/lib/libsasl.so.1 >> libnsl.so.1 => /lib/libnsl.so.1 >> libc.so.1 => /lib/libc.so.1 >> libresolv.so.2 => /lib/libresolv.so.2 >> libsocket.so.1 => /lib/libsocket.so.1 >> libssl.so.1.0.0 => /lib/libssl.so.1.0.0 >> libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0 >> libmd.so.1 => /lib/libmd.so.1 >> libmp.so.2 => /lib/libmp.so.2 >> libdl.so.1 => /lib/libdl.so.1 >> libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 >> libm.so.2 => /lib/libm.so.2 >> >> HTH >> Regards. >> Predrag Zečević >> >> On 09/11/14 10:03 AM, Andre Kruger wrote: >>> I don't think this is a Samba problem I am only providing the info to help >>> the reader understand where I am coming from. >>> >>> I am trying to join my Samba server to my domain. This previously worked >>> but our AD admins enabled LDAPS on the DCs which broke the connection. Upon >>> retrying to join the domain, running the samba join command in debug mode I >>> get the following: >>> >>> >>> Successfully contacted LDAP server 1.1.1.1 Connected to LDAP server >>> DC1.ad.domain.com StartTLS not supported by LDAP client libraries! >>> >>> >>> Is StartTLS supported by the ldap client we have in OI? >>> >>> According to this site earlier versions of Solaris did not support it yet >>> so I am not sure if it is supported on the current release of OI. >>> >>> http://www.informit.com/articles/article.aspx?p=30339&seqNum=3 >>> >>> _______________________________________________ >>> openindiana-discuss mailing list >>> openindiana-discuss@openindiana.org >>> http://openindiana.org/mailman/listinfo/openindiana-discuss >>> >> >> -- >> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH >> >> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 >> Mobile: +49 174 3109 288, Skype: predrag.zecevic >> E-mail: predrag.zece...@2e-systems.com >> >> Headquarter: 2e Systems GmbH, Königsteiner Str. 87, >> 65812 Bad Soden am Taunus, Germany Company >> registration: Amtsgericht Königstein (Germany), HRB 7303 >> Managing director: Phil Douglas >> >> http://www.2e-systems.com/ - Making your business fly! >> >> [***]===--- >> According to the latest official figures, 43% of all statistics are totally >> worthless. >> >> _______________________________________________ >> openindiana-discuss mailing list >> openindiana-discuss@openindiana.org >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> _______________________________________________ >> openindiana-discuss mailing list >> openindiana-discuss@openindiana.org >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> > > -- > Predrag Zečević, Technical Support Analyst, 2e Systems GmbH > > Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 > Mobile: +49 174 3109 288, Skype: predrag.zecevic > E-mail: predrag.zece...@2e-systems.com > > Headquarter: 2e Systems GmbH, Königsteiner Str. 87, > 65812 Bad Soden am Taunus, Germany Company > registration: Amtsgericht Königstein (Germany), HRB 7303 > Managing director: Phil Douglas > > http://www.2e-systems.com/ - Making your business fly! > > [***]===--- > Happiness is twin floppies. > > _______________________________________________ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > _______________________________________________ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > -- Predrag Zečević, Technical Support Analyst, 2e Systems GmbH Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 Mobile: +49 174 3109 288, Skype: predrag.zecevic E-mail: predrag.zece...@2e-systems.com Headquarter: 2e Systems GmbH, Königsteiner Str. 87, 65812 Bad Soden am Taunus, Germany Company registration: Amtsgericht Königstein (Germany), HRB 7303 Managing director: Phil Douglas http://www.2e-systems.com/ - Making your business fly! [***]===--- Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide" _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
