Hi

No, I don't use the ldapsearch command myself. That output comes from the "net 
ads join -U username -d5" command, which is a Samba command to join your Samba 
server to your domain. After issuing the command you don't have control over 
what happens next. It could be that the "net ads join" command is using 
ldapsearch and not openldapsearch, but as far as I know there is no way of 
controlling that.

Because of the error reported by the join command I made the assumption that 
some underlying software package is needed or alternatively that it is there 
but that it does not support StartTLS, which is what I am trying to confirm.


Regards
André


-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator] 
[mailto:[email protected]] 
Sent: 11 September 2014 11:13
To: [email protected]
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Hi,

What client command did you use when you got the error:
"DC1.ad.domain.com StartTLS not supported by LDAP client libraries!"

If you have used ldapsearch, just replace the command with openldapsearch.

Regards
Predrag Zečević

On 09/11/14 11:08 AM, Andre Kruger wrote:
> Hi
>
> I do have the library/openldap package installed,
>
> pkg list -a | grep ldap
> SUNWapu13-ldap                                    1.3.9-0.133                --r
> SUNWopenldap                                      2.4.11-0.133               --r
> library/apr-util-13/apr-ldap                      1.5.2-0.151.1.8            i--
> library/openldap                                  2.4.34-0.151.1.8           i--
> naming/ldap                                       0.5.11-0.151.1.8           i--
> service/network/ldap/opends (opensolaris.org)     2.2.0-0.111                i--
> web/library/apache/apr-util-13/apr-ldap           1.3.9-0.134                --r
>
> And searching for the ldapsearch package on my system gives the following:
>
> pkg search -l ldapsearch
> INDEX      ACTION VALUE                                 PACKAGE
> basename   link   usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/[email protected]
> basename   link   usr/lib/openldap/bin/ldapsearch       pkg:/library/[email protected]
> basename   file   usr/bin/ldapsearch                    pkg:/naming/[email protected]
> basename   file   usr/opends/bin/ldapsearch             pkg:/service/network/ldap/[email protected]
>
>
> pkg search -l openldapsearch
> INDEX      ACTION VALUE                        PACKAGE
> basename   file   usr/bin/amd64/openldapsearch pkg:/library/[email protected]
> basename   file   usr/bin/openldapsearch       pkg:/library/[email protected]
>
>
> I understand what you are saying but I don't know how I should use the 
> information. Can you please explain. I don't see where/how I can choose 
> between using ldapsearch or openldapsearch?
>
> When I (try to) join my Samba server to the domain I use the Samba "net ads 
> join" command and that does its own thing.
>
>
> Regards
> André
>
>
>
> -----Original Message-----
> From: Predrag Zecevic [Unix Systems Administrator] 
> [mailto:[email protected]]
> Sent: 11 September 2014 10:12
> To: [email protected]
> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
>
> Hi,
>
> I guess OI has 2 versions of ldap:
> a) SunOS one
> b) OpenLDAP
>
> You might want to use (for example) openldapsearch command instead of 
> ldapsearch [NOTE 'open' prefix]
>
> $ pkg search -l ldapsearch
> INDEX      ACTION VALUE                                            PACKAGE
> basename   file   usr/share/bash-completion/completions/ldapsearch pkg:/utility/[email protected]
> basename   file   usr/bin/ldapsearch                               pkg:/naming/[email protected]
> basename   link   usr/lib/openldap/bin/amd64/ldapsearch            pkg:/library/[email protected]
> basename   link   usr/lib/openldap/bin/ldapsearch                  pkg:/library/[email protected]
>
> So, you might need to install library/openldap package and add 
> /usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name 
> 'ldapsearch') **or** use commands specifying 'open' prefix:
>
> $ pkg search -l openldapsearch
> INDEX      ACTION VALUE                        PACKAGE
> basename   file   usr/bin/amd64/openldapsearch pkg:/library/[email protected]
> basename   file   usr/bin/openldapsearch       pkg:/library/[email protected]
>
> $ ldd /usr/lib/openldap/bin/ldapsearch
>           libldap-2.4.so.2 =>      /usr/lib/libldap-2.4.so.2
>           liblber-2.4.so.2 =>      /usr/lib/liblber-2.4.so.2
>           libsasl.so.1 =>  /usr/lib/libsasl.so.1
>           libnsl.so.1 =>   /lib/libnsl.so.1
>           libc.so.1 =>     /lib/libc.so.1
>           libresolv.so.2 =>        /lib/libresolv.so.2
>           libsocket.so.1 =>        /lib/libsocket.so.1
>           libssl.so.1.0.0 =>       /lib/libssl.so.1.0.0
>           libcrypto.so.1.0.0 =>    /lib/libcrypto.so.1.0.0
>           libmd.so.1 =>    /lib/libmd.so.1
>           libmp.so.2 =>    /lib/libmp.so.2
>           libdl.so.1 =>    /lib/libdl.so.1
>           libgcc_s.so.1 =>         /usr/lib/libgcc_s.so.1
>           libm.so.2 =>     /lib/libm.so.2
>
> HTH
> Regards.
> Predrag Zečević
>
> On 09/11/14 10:03 AM, Andre Kruger wrote:
>> I don't think this is a Samba problem; I am only providing the info to help 
>> the reader understand where I am coming from.
>>
>> I am trying to join my Samba server to my domain. This previously worked but 
>> our AD admins enabled LDAPS on the DCs which broke the connection. Upon 
>> retrying to join the domain, running the samba join command in debug mode I 
>> get the following:
>>
>>
>> Successfully contacted LDAP server 1.1.1.1
>> Connected to LDAP server DC1.ad.domain.com
>> StartTLS not supported by LDAP client libraries!
>>
>>
>> Is StartTLS supported by the ldap client we have in OI?
>>
>> According to this site, earlier versions of Solaris did not support it yet, so 
>> I am not sure if it is supported on the current release of OI.
>>
>> http://www.informit.com/articles/article.aspx?p=30339&seqNum=3
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> [email protected]
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>
> --
> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
>
> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
> Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
> E-mail:    [email protected]
>
> Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
>                         65812 Bad Soden am Taunus, Germany
> Company registration: Amtsgericht Königstein (Germany), HRB 7303
> Managing director:    Phil Douglas
>
> http://www.2e-systems.com/ - Making your business fly!
>
> [***]===---
> According to the latest official figures, 43% of all statistics are totally 
> worthless.
>
>

--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    [email protected]

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                       65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
All constants are variables.
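
One way to answer the question raised in this thread, namely which LDAP client library a given binary (ldapsearch, openldapsearch or Samba's net) actually loads, is to classify its ldd output. This is an added example, not part of the original messages; the function names, the result labels and the second sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Classify which LDAP client library a binary links against,
# reading `ldd` output on stdin. Only resolved entries (a path after "=>") count.
classify_ldap_linkage() {
    awk '
        $2 == "=>" && $3 ~ /^\// {
            if ($1 ~ /^libldap(_r)?-2\.[0-9]+\.so/) openldap = 1   # OpenLDAP 2.x soname
            else if ($1 ~ /^libldap/)               other = 1      # some other libldap
            if ($1 ~ /^libssl\.so/)                 ssl = 1
        }
        END {
            if (openldap && ssl) print "openldap+tls"
            else if (openldap)   print "openldap"
            else if (other)      print "other-libldap"
            else                 print "no-libldap"
        }'
}

# Run the classifier over each named command or path found on this host.
report_ldap_linkage() {
    for bin in "$@"; do
        path=$(command -v "$bin" 2>/dev/null) || { printf '%s: not found\n' "$bin"; continue; }
        printf '%s: %s\n' "$path" "$(ldd "$path" 2>/dev/null | classify_ldap_linkage)"
    done
}

# Sample 1: lines taken from the ldd output quoted in the thread.
SAMPLE_OPENLDAP='        libldap-2.4.so.2 =>      /usr/lib/libldap-2.4.so.2
        liblber-2.4.so.2 =>      /usr/lib/liblber-2.4.so.2
        libssl.so.1.0.0 =>       /lib/libssl.so.1.0.0
        libc.so.1 =>     /lib/libc.so.1'

# Sample 2: constructed for illustration (soname and paths are assumptions).
SAMPLE_OTHER='        libldap.so.5 =>  /usr/lib/libldap.so.5
        libc.so.1 =>     /lib/libc.so.1'

# Usage: sh this-script ldapsearch openldapsearch net
if [ "$#" -gt 0 ]; then
    report_ldap_linkage "$@"
fi
```

A result of openldap+tls only shows that the OpenLDAP library and libssl resolve at run time; whether the binary actually issues StartTLS still depends on how it was built.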
