[Samba] Samba 2.2.6pre2 + ldapsam + Solaris 9

Adrian Quek adrianq at bii.a-star.edu.sg
Tue Sep 3 10:05:59 GMT 2002


Adrian Quek wrote:

> Gerald Carter wrote:
>
>>On Tue, 3 Sep 2002, Adrian Quek wrote:
>>
>>>Hi,
>>>
>>>I've been unable to get samba to work with ldap over ssl or tls on a
>>>solaris 9 machine. I thought that the ldap in solaris 9 supports tls
>>>natively now. However I still get the error in my log file:
>>>
>>>>[2002/09/02 16:35:10, 0] passdb/pdb_ldap.c:ldap_open_connection(202)
>>>>  ldap_open_connection: Secure connection not supported by LDAP client libraries!
>>>>
>>>>[2002/09/02 15:03:48, 0] passdb/pdb_ldap.c:ldap_open_connection(187)
>>>>  ldap_open_connection: StartTLS not supported by LDAP client libraries!
>>>
>>>I've compiled my samba with --with-pam --with-ldapsam
>>>--with-pam_smbpass --with-ssl. Is it possible to get it working with the
>>>ldap provided by sun? or do I have to install openldap?
>>
>>Sun was supposed to put SSL in their LDAP client libraries in Solaris 9,
>>but I've not had a Solaris 9 box to update configure.in to reflect
>>this....
>>
>>cheers, jerry
>> ---------------------------------------------------------------------
>> Hewlett-Packard                                     http://www.hp.com
>> SAMBA Team                                       http://www.samba.org
>> --                                            http://www.plainjoe.org
>> "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
>> --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
>>
> So is there any way to get around this?
>
> -Adrian
>
With some elementary hacking, I've managed to get samba 2.2.6pre2 to
work with Sun's ldap. yay! :) A summary of what I did is shown below. I
couldn't figure out how configure generates the start_tls define in
config.h, so I just edited it manually. Also I wasn't able to figure out
how to do SSL instead. I can send you the ldap.h from solaris 9 if it
helps. Also this is working with pam, pam_smbpass and ldap-sam. We can
now have a consolidated (unix and samba) username and password in ldap
and change it all with a single passwd command.

configure
---------

diff configure configure.bak
12279c12279
<     for ac_func in ldapssl_install_routines
---
 >     for ac_func in ldap_start_tls_s
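
Review bot: The function probe at line 12279 is edited in the generated configure script, so the change disappears the next time autoconf rebuilds it from configure.in; the check for ldapssl_install_routines belongs in configure.in. A probe written this way defines HAVE_LDAPSSL_INSTALL_ROUTINES, not HAVE_LDAP_START_TLS_S, which is why config.h then needs a manual edit. Listing both function names in the check would let either client library be detected.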


passdb/pdb_ldap.c
-----------------

diff pdb_ldap.c pdb_ldap.c.bak
179c179
<                       if ((rc = ldapssl_install_routines 
(*ldap_struct)) != LDAP
_SUCCESS)
---
 >                       if ((rc = ldap_start_tls_s (*ldap_struct, NULL, 
NULL)) !=
LDAP_SUCCESS)
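
Review bot: At line 179 the StartTLS call is replaced by ldapssl_install_routines(*ldap_struct), but nothing in the hunk initialises the SSL layer with a certificate database (ldapssl_client_init in the Netscape-derived SDK API) or switches SSL on for the handle, so an LDAP_SUCCESS return here does not by itself show that binds and password changes travel encrypted or that the server certificate is checked. Confirm with a packet capture on the directory connection before relying on it. The replacement is also unconditional; keeping the original ldap_start_tls_s call under its own #ifdef would leave OpenLDAP builds negotiating StartTLS as before.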


include/config.h
----------------

diff config.h config.h.bak
643c643
< #define HAVE_LDAP_START_TLS_S
---
 > /* #undef HAVE_LDAP_START_TLS_S */
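
Review bot: Defining HAVE_LDAP_START_TLS_S by hand at line 643 makes the macro assert a function that pdb_ldap.c no longer calls, and config.h is regenerated on every configure run, so the setting does not survive a rebuild. A separate macro for the Sun routine, set by the configure check, would keep the StartTLS branch meaning what its name says.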


regards,
Adrian