FW: [Samba] Compiling --with-ldap on Solaris 9

ww m-pubsyssamba pubsyssamba at bbc.co.uk
Mon May 10 10:23:54 GMT 2004


Hello technical list, can anyone comment on my question?

>>
Can anyone from the Samba team tell me with this Bug and similar where the OS is
identified as having a problem/Bug do the Samba team notify and/or work with the
likes of Sun to resolve the issues?

	thanks Andy.
<<


Hi David,

as Paul has stated already you need the OpenLDAP libraries to compile
Samba on a Solaris 9 machine with LDAP or ADS support. The LDAP
libraries from Sun do not provide all necessary functions.

The problem is that compiling with OpenLDAP libraries comes with a price
if you are authenticating Solaris against LDAP using the native Sun
LDAP-Client. Samba will not get any information about secondary groups
from the LDAP server, while everything is OK whith information from
/etc/group.
This behaviour is known as bug #395, which is already closed because it
is not a real bug, see https://bugzilla.samba.org/show_bug.cgi?id=395 .
I would call it a compatibility problem between the LDAP libraries from
Sun and OpenLDAP. (Many thanks to the people at the Sun Center in Berlin
for helping me here)

If you are affected from this problem, there are 3 workarounds known to
me. Please note that I haven't tried all.
* put all group information in /etc/group (don't like this idea)
* use Patch-ID 112960-03 (rev. -04 and -05 should work too)
   with authentication method "simple". With "tls:simple"
   the problem seems to exists for all revisions of this patch. 
* avoid Sun's LDAP completely and shift to OpenLDAP and nss_ldap
   from Padl, see
http://lists.samba.org/archive/samba/2004-February/081509.html

cheers,
Reinhard

-- 
Reinhard Sojka <reinhard.sojka at parlinkom.gv.at>
System- & Networkadmin
Parlamentsdirektion
+43 1 40110 2824

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


More information about the samba-technical mailing list