Hi
I have two test systems:
1. I installed Samba from the repos using the package manager.
2. I compiled Samba from source using the latest tarball on samba.org which was
4.1.11.
Both of them behave the same, but I have to note that on system 2 I did not
specify to the "configure" script to use any specific ldap client library. I
mainly let it do its own thing.
Looking at the below I can't tell which ldapsearch Samba is using:
ldd /usr/local/samba/bin/net | grep ldap
libsmbldap.so.0 => /usr/local/samba/lib/libsmbldap.so.0
libldap.so.5 => /usr/lib/libldap.so.5
libcli-ldap-common.so =>
/usr/local/samba/lib/private/libcli-ldap-common.so
libcli_cldap.so => /usr/local/samba/lib/private/libcli_cldap.so
libsmbldaphelper.so =>
/usr/local/samba/lib/private/libsmbldaphelper.so
pkg search -l /usr/lib/libldap.so.5
INDEX ACTION VALUE PACKAGE
path file usr/lib/libldap.so.5 pkg:/system/[email protected]
Regards
André
-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator]
[mailto:[email protected]]
Sent: 11 September 2014 11:20
To: [email protected]
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
Hi,
I was to fast:
$ ldd /usr/bin/net | grep ldap
libldap60.so => /usr/lib/libldap60.so
$ pkg search -l /usr/lib/libldap60.so
INDEX ACTION VALUE PACKAGE
path link usr/lib/libldap60.so
pkg:/library/samba/[email protected]
So, I guess Samba utilities are compiled against SunOS ldap utilities
(Netscape).
You might need to compile it yourself and use openldap utilities.
I might be wrong, but that is my impression.
Regards.
Predrag Zečević
On 09/11/14 11:08 AM, Andre Kruger wrote:
> Hi
>
> I do have the library/openldap package installed,
>
> pkg list -a | grep ldap
> SUNWapu13-ldap 1.3.9-0.133
> --r
> SUNWopenldap 2.4.11-0.133
> --r
> library/apr-util-13/apr-ldap 1.5.2-0.151.1.8
> i--
> library/openldap 2.4.34-0.151.1.8
> i--
> naming/ldap 0.5.11-0.151.1.8
> i--
> service/network/ldap/opends (opensolaris.org) 2.2.0-0.111
> i--
> web/library/apache/apr-util-13/apr-ldap 1.3.9-0.134
> --r
>
> And searching for the ldapsearch pakage on my system gives the following:
>
> pkg search -l ldapsearch
> INDEX ACTION VALUE PACKAGE
> basename link usr/lib/openldap/bin/amd64/ldapsearch
> pkg:/library/[email protected]
> basename link usr/lib/openldap/bin/ldapsearch
> pkg:/library/[email protected]
> basename file usr/bin/ldapsearch
> pkg:/naming/[email protected]
> basename file usr/opends/bin/ldapsearch
> pkg:/service/network/ldap/[email protected]
>
>
> pkg search -l openldapsearch
> INDEX ACTION VALUE PACKAGE
> basename file usr/bin/amd64/openldapsearch
> pkg:/library/[email protected]
> basename file usr/bin/openldapsearch
> pkg:/library/[email protected]
>
>
> I understand what you are saying but I don't know how I should use the
> information. Can you please explain. I don't see where/how I can choose
> between using ldapsearch or openldapsearch?
>
> When I (try to)join my Samba server to the domain I use the Samba "net ads
> join" command and that does its own thing.
>
>
> Regards
> André
>
>
>
> -----Original Message-----
> From: Predrag Zecevic [Unix Systems Administrator]
> [mailto:[email protected]]
> Sent: 11 September 2014 10:12
> To: [email protected]
> Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support
>
> Hi,
>
> I guess OI has 2 versions of ldap:
> a) SunOS one
> b) OpenLDAP
>
> You might want to use (for example) openldapsearch command instead of
> ldapsearch [NOTE 'open' prefix]
>
> $ pkg search -l ldapsearch
> INDEX ACTION VALUE PACKAGE
> basename file usr/share/bash-completion/completions/ldapsearch
> pkg:/utility/[email protected]
> basename file usr/bin/ldapsearch
> pkg:/naming/[email protected]
> basename link usr/lib/openldap/bin/amd64/ldapsearch
> pkg:/library/[email protected]
> basename link usr/lib/openldap/bin/ldapsearch
> pkg:/library/[email protected]
>
> So, you might need to install library/openldap package and add
> /usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name
> 'ldapsearch') **or** use commands specifying 'open' prefix:
>
> $ pkg search -l openldapsearch
> INDEX ACTION VALUE PACKAGE
> basename file usr/bin/amd64/openldapsearch
> pkg:/library/[email protected]
> basename file usr/bin/openldapsearch
> pkg:/library/[email protected]
>
> $ ldd /usr/lib/openldap/bin/ldapsearch
> libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2
> liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2
> libsasl.so.1 => /usr/lib/libsasl.so.1
> libnsl.so.1 => /lib/libnsl.so.1
> libc.so.1 => /lib/libc.so.1
> libresolv.so.2 => /lib/libresolv.so.2
> libsocket.so.1 => /lib/libsocket.so.1
> libssl.so.1.0.0 => /lib/libssl.so.1.0.0
> libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0
> libmd.so.1 => /lib/libmd.so.1
> libmp.so.2 => /lib/libmp.so.2
> libdl.so.1 => /lib/libdl.so.1
> libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
> libm.so.2 => /lib/libm.so.2
>
> HTH
> Regards.
> Predrag Zečević
>
> On 09/11/14 10:03 AM, Andre Kruger wrote:
>> I don't think this is a Samba problem I am only providing the info to help
>> the reader understand where I am coming from.
>>
>> I am trying to join my Samba server to my domain. This previously worked but
>> our AD admins enabled LDAPS on the DCs which broke the connection. Upon
>> retrying to join the domain, running the samba join command in debug mode I
>> get the following:
>>
>>
>> Successfully contacted LDAP server 1.1.1.1 Connected to LDAP server
>> DC1.ad.domain.com StartTLS not supported by LDAP client libraries!
>>
>>
>> Is StartTLS supported by the ldap client we have in OI?
>>
>> According to this site earlier versions of Solaris did not support it yet so
>> I am not sure if it is supported on the current release of OI.
>>
>> http://www.informit.com/articles/article.aspx?p=30339&seqNum=3
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> [email protected]
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>
> --
> Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
>
> Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
> Mobile: +49 174 3109 288, Skype: predrag.zecevic
> E-mail: [email protected]
>
> Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
> 65812 Bad Soden am Taunus, Germany Company
> registration: Amtsgericht Königstein (Germany), HRB 7303
> Managing director: Phil Douglas
>
> http://www.2e-systems.com/ - Making your business fly!
>
> [***]===---
> According to the latest official figures, 43% of all statistics are totally
> worthless.
>
> _______________________________________________
> openindiana-discuss mailing list
> [email protected]
> http://openindiana.org/mailman/listinfo/openindiana-discuss
> _______________________________________________
> openindiana-discuss mailing list
> [email protected]
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: [email protected]
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany Company registration:
Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
Happiness is twin floppies.
_______________________________________________
openindiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
openindiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
