Hi Predrag

Yeah thanks, I get to the same conclusion. But on the one machine I am compiling Samba from source. I just need to find an option to make it use openldap instead to see if that will fix my problem. The "configure --with-ldap" option does not take any arguments so that option does not work.

Regards
André

-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator] [mailto:predrag.zece...@2e-systems.com]
Sent: 11 September 2014 12:35
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Hi Andre,

I have found this interesting article:
http://docs.oracle.com/cd/E19316-01/820-3040/gdbcd/index.html
which might help you better than me (I am not using Samba, but have compiled OpenSSL/OpenSSH/OpenLDAP/MIT Kerberos5 to work together).

When I find some time, will try to compile samba too.

To conclude, OI Samba 3 is NOT using OpenLDAP or OpenSSL, that might be cause of error you get.

Regards.
Predrag Zečević

On 09/11/14 11:58 AM, Andre Kruger wrote:
> Hi Predrag
>
> The only option that I passed to the configure script was
> "--with-shared-modules=idmap_ad". I left the rest on the defaults as it
> looked to satisfy my needs.
>
> Are you saying I should pass another option to my configure script
> "--with-ldap=/usr/lib/openldap/bin"? Am I using the correct path?
>
> Regards
> André
>
> -----Original Message-----
> From: Predrag Zecevic [Unix Systems Administrator]
> [mailto:predrag.zece...@2e-systems.com]
> Sent: 11 September 2014 11:49
> To: openindiana-discuss@openindiana.org
> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
>
> Hi Andre,
>
> your samba 4 is compiled against "mozldap" utilities (like OI does:
> https://github.com/OpenIndiana/oi-userland/blob/70e9836ac11a90774a4aa54e0bfdfa2e0b703fae/components/samba/samba30/Makefile)
>
> You have to specify to configure procedure path to openldap libraries instead
> (use '-with-ldap' with path):
> looks like you can define variable LDAP_LIBS="-lliblber -llibldap" before
> configure is running.
>
> So, how did you configure (compile) samba 4?
>
> Regards.
> Predrag Zečević
>
> On 09/11/14 11:29 AM, Andre Kruger wrote:
>> Hi
>>
>> I have two test systems:
>>
>> 1. I installed Samba from the repos using the package manager.
>> 2. I compiled Samba from source using the latest tarball on samba.org which
>> was 4.1.11.
>>
>> Both of them behave the same, but I have to note that on system 2 I did not
>> specify to the "configure" script to use any specific ldap client library. I
>> mainly let it do its own thing.
>>
>> Looking at the below I can't tell which ldapsearch Samba is using:
>>
>> ldd /usr/local/samba/bin/net | grep ldap
>>     libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0
>>     libldap.so.5 => /usr/lib/libldap.so.5
>>     libcli-ldap-common.so => /usr/local/samba/lib/private/libcli-ldap-common.so
>>     libcli_cldap.so => /usr/local/samba/lib/private/libcli_cldap.so
>>     libsmbldaphelper.so => /usr/local/samba/lib/private/libsmbldaphelper.so
>>
>> pkg search -l /usr/lib/libldap.so.5
>> INDEX ACTION VALUE PACKAGE
>> path file usr/lib/libldap.so.5 pkg:/system/library@0.5.11-0.151.1.8
>>
>> Regards
>> André
>>
>> -----Original Message-----
>> From: Predrag Zecevic [Unix Systems Administrator]
>> [mailto:predrag.zece...@2e-systems.com]
>> Sent: 11 September 2014 11:20
>> To: openindiana-discuss@openindiana.org
>> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
>>
>> Hi,
>>
>> I was too fast:
>> $ ldd /usr/bin/net | grep ldap
>>     libldap60.so => /usr/lib/libldap60.so
>>
>> $ pkg search -l /usr/lib/libldap60.so
>> INDEX ACTION VALUE PACKAGE
>> path link usr/lib/libldap60.so pkg:/library/samba/libsmbclient@3.6.22-2014.1.0.0
>>
>> So, I guess Samba utilities are compiled against SunOS ldap utilities
>> (Netscape).
>>
>> You might need to compile it yourself and use openldap utilities.
>>
>> I might be wrong, but that is my impression.
>>
>> Regards.
>> Predrag Zečević
>>
>> On 09/11/14 11:08 AM, Andre Kruger wrote:
>>> Hi
>>>
>>> I do have the library/openldap package installed,
>>>
>>> pkg list -a | grep ldap
>>> SUNWapu13-ldap                                 1.3.9-0.133       --r
>>> SUNWopenldap                                   2.4.11-0.133      --r
>>> library/apr-util-13/apr-ldap                   1.5.2-0.151.1.8   i--
>>> library/openldap                               2.4.34-0.151.1.8  i--
>>> naming/ldap                                    0.5.11-0.151.1.8  i--
>>> service/network/ldap/opends (opensolaris.org)  2.2.0-0.111       i--
>>> web/library/apache/apr-util-13/apr-ldap        1.3.9-0.134       --r
>>>
>>> And searching for the ldapsearch package on my system gives the following:
>>>
>>> pkg search -l ldapsearch
>>> INDEX ACTION VALUE PACKAGE
>>> basename link usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
>>> basename link usr/lib/openldap/bin/ldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
>>> basename file usr/bin/ldapsearch pkg:/naming/ldap@0.5.11-0.151.1.8
>>> basename file usr/opends/bin/ldapsearch pkg:/service/network/ldap/opends@2.2.0-0.111
>>>
>>> pkg search -l openldapsearch
>>> INDEX ACTION VALUE PACKAGE
>>> basename file usr/bin/amd64/openldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
>>> basename file usr/bin/openldapsearch pkg:/library/openldap@2.4.34-0.151.1.8
>>>
>>> I understand what you are saying but I don't know how I should use the
>>> information. Can you please explain. I don't see where/how I can choose
>>> between using ldapsearch or openldapsearch?
>>>
>>> When I (try to) join my Samba server to the domain I use the Samba "net ads
>>> join" command and that does its own thing.
>>>
>>> Regards
>>> André
>>>
>>> -----Original Message-----
>>> From: Predrag Zecevic [Unix Systems Administrator]
>>> [mailto:predrag.zece...@2e-systems.com]
>>> Sent: 11 September 2014 10:12
>>> To: openindiana-discuss@openindiana.org
>>> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
>>>
>>> Hi,
>>>
>>> I guess OI has 2 versions of ldap:
>>> a) SunOS one
>>> b) OpenLDAP
>>>
>>> You might want to use (for example) openldapsearch command instead
>>> of ldapsearch [NOTE 'open' prefix]
>>>
>>> $ pkg search -l ldapsearch
>>> INDEX ACTION VALUE PACKAGE
>>> basename file usr/share/bash-completion/completions/ldapsearch pkg:/utility/bash-completion@2.1-2014.0.1.0
>>> basename file usr/bin/ldapsearch pkg:/naming/ldap@0.5.11-2014.1.2.14627
>>> basename link usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
>>> basename link usr/lib/openldap/bin/ldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
>>>
>>> So, you might need to install library/openldap package and add
>>> /usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name
>>> 'ldapsearch') **or** use commands specifying 'open' prefix:
>>>
>>> $ pkg search -l openldapsearch
>>> INDEX ACTION VALUE PACKAGE
>>> basename file usr/bin/amd64/openldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
>>> basename file usr/bin/openldapsearch pkg:/library/openldap@2.4.39-2014.1.2.2
>>>
>>> $ ldd /usr/lib/openldap/bin/ldapsearch
>>>     libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2
>>>     liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2
>>>     libsasl.so.1 => /usr/lib/libsasl.so.1
>>>     libnsl.so.1 => /lib/libnsl.so.1
>>>     libc.so.1 => /lib/libc.so.1
>>>     libresolv.so.2 => /lib/libresolv.so.2
>>>     libsocket.so.1 => /lib/libsocket.so.1
>>>     libssl.so.1.0.0 => /lib/libssl.so.1.0.0
>>>     libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0
>>>     libmd.so.1 => /lib/libmd.so.1
>>>     libmp.so.2 => /lib/libmp.so.2
>>>     libdl.so.1 => /lib/libdl.so.1
>>>     libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
>>>     libm.so.2 => /lib/libm.so.2
>>>
>>> HTH
>>> Regards.
>>> Predrag Zečević
>>>
>>> On 09/11/14 10:03 AM, Andre Kruger wrote:
>>>> I don't think this is a Samba problem I am only providing the info to help
>>>> the reader understand where I am coming from.
>>>>
>>>> I am trying to join my Samba server to my domain. This previously worked
>>>> but our AD admins enabled LDAPS on the DCs which broke the connection.
>>>> Upon retrying to join the domain, running the samba join command in debug
>>>> mode I get the following:
>>>>
>>>> Successfully contacted LDAP server 1.1.1.1
>>>> Connected to LDAP server DC1.ad.domain.com
>>>> StartTLS not supported by LDAP client libraries!
>>>>
>>>> Is StartTLS supported by the ldap client we have in OI?
>>>>
>>>> According to this site earlier versions of Solaris did not support it yet
>>>> so I am not sure if it is supported on the current release of OI.
>>>>
>>>> http://www.informit.com/articles/article.aspx?p=30339&seqNum=3
>>>>
>>>> _______________________________________________
>>>> openindiana-discuss mailing list
>>>> openindiana-discuss@openindiana.org
>>>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>>>
>>>
>>> --
>>> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
>>>
>>> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
>>> Mobile: +49 174 3109 288, Skype: predrag.zecevic
>>> E-mail: predrag.zece...@2e-systems.com
>>>
>>> Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
>>> 65812 Bad Soden am Taunus, Germany
>>> Company registration: Amtsgericht Königstein (Germany), HRB 7303
>>> Managing director: Phil Douglas
>>>
>>> http://www.2e-systems.com/ - Making your business fly!
>>>
>>> [***]===---
>>> According to the latest official figures, 43% of all statistics are totally
>>> worthless.
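
The library check done by hand in this thread (ldd on the Samba binary, then reading the libldap soname), as an added example that is not part of the original messages. The function names are hypothetical, the sample ldd excerpts are the ones quoted in the thread, and the patterns cover only the soname styles seen there:

```shell
#!/bin/sh
# Added example, not from the thread: report which LDAP client library a
# binary links against, from `ldd` output. Function names are hypothetical.

# Reads ldd output on stdin. Prints a sorted, comma-separated list:
#   openldap        soname like libldap-2.4.so.2 (OpenLDAP 2.x naming)
#   other:<soname>  any other libldap*, e.g. libldap.so.5 or libldap60.so
#   none            no LDAP client library linked
# Samba's own helpers (libsmbldap.so.0, libcli-ldap-common.so) are ignored.
classify_ldap_libs() {
    awk '
        $1 ~ /^libldap(_r)?-2\.[0-9]+\.so/ { print "openldap"; n++; next }
        $1 ~ /^libldap[0-9]*\.so/          { print "other:" $1; n++; next }
        END { if (n == 0) print "none" }
    ' | sort -u | paste -s -d, -
}

# Succeeds only if the ldd output on stdin includes an OpenLDAP libldap.
links_openldap() {
    case ",$(classify_ldap_libs)," in
        *,openldap,*) return 0 ;;
        *)            return 1 ;;
    esac
}

# ldd excerpts quoted in the thread
SRC_BUILD_LDD='libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0
libldap.so.5 => /usr/lib/libldap.so.5
libcli-ldap-common.so => /usr/local/samba/lib/private/libcli-ldap-common.so'
PKG_NET_LDD='libldap60.so => /usr/lib/libldap60.so'
OPENLDAP_LDD='libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2'

for name in SRC_BUILD_LDD PKG_NET_LDD OPENLDAP_LDD; do
    eval "data=\$$name"
    if printf '%s\n' "$data" | links_openldap; then verdict="links OpenLDAP"
    else verdict="no OpenLDAP libldap; rebuild against OpenLDAP to test"; fi
    printf '%s: %s (%s)\n' "$name" \
        "$(printf '%s\n' "$data" | classify_ldap_libs)" "$verdict"
done
```

On a live system the same function takes real output: ldd /usr/local/samba/bin/net | classify_ldap_libs.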