[Samba] Re: samba (2.2.7a) + openldap (2.0.x)

Buchan Milne bgmilne at cae.co.za
Wed Jan 8 19:32:01 GMT 2003


Buchan Milne wrote:
> 
> Ignacio Coupeau wrote:
> 
>>Buchan Milne wrote:
>>

>>>Hi, I was following some of the howto at
>>>http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#patches to
>>>include the ldap referral patches in the samba packages for Mandrake,
>>>but it seems that samba does not compile with the patch (I can give you
>>>the error later, but AFAICR it was incompatible 2nd argument passed to
>>>function on line 289 of pdb_ldap.c (I think where ldap_connect_system
>>>calls auth_rebind_proc).
>>>
>>
>>The tls stuff in the lib/include are a bit special... I going to apply
>>the patch to the latest samba-2.2.7a.
>>
>>If you plan is use starttls the standard openldap libraries (at least in
>>RedHat) should be replaced by ones with start_tls support.
>>
>>Try a search with: ldapsearch -ZZ -H "ldap://<your_FQDN_ldap_server/"
>><filter> <attr list> -d 256
> 
> [bgmilne at bgmilne bgmilne]$ ldapsearch -x -ZZ -H "ldap://ldap.cae.co.za"
> "(uid=bgmilne)" dn -LLL
> dn: uid=bgmilne,ou=People,dc=cae,dc=co,dc=za
> 
> (This is on cooker, but TLS works fine on Mandrake 8.0 through 9.0.
> 
>>also perform a search in the /usr/include:
>>
>>[root at bilbo htdocs]# egrep
>>"LDAP_API_FEATURE_X_OPENLDAP|LDAP_API_VERSION|REFERRAL|TLS" /usr/include/*
>>
>>you should obtain some like:
> 
> This box runs Mandrake cooker, original problem was on my home machine
> running 9.0, but 9.0 ships with 2.0.25-7mdk, and my cooker box currently
> has 2.0.27-1mdk.
> 
>>look for:
>>#define LDAP_API_VERSION 2004
>>#define  LDAP_REFERRAL           0x0a /* LDAPv3 */
>>#define LDAP_CHASE_SUBORDINATE_REFERRALS 0x0020U
>>#define LDAP_CHASE_EXTERNAL_REFERRALS    0x0040U
>>#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037"
> 
> On cooker (don't currently have a 9.0 build devel box available, will
> check at home on 9.0) I get:
> 
> /usr/include/ldap.h:#define LDAP_API_VERSION    2004
> /usr/include/ldap.h:#define     LDAP_REFERRAL
> 0x0a /* LDAPv3 */
> /usr/include/ldap.h:#define LDAP_CHASE_SUBORDINATE_REFERRALS    0x0020U
> /usr/include/ldap.h:#define LDAP_CHASE_EXTERNAL_REFERRALS       0x0040U
> /usr/include/ldap.h:#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037"
> 
> But, on cooker it seems to compile fine ... so I guess I should upgrade
> to 2.0.27 on my 9.0 boxen that need referrals.

Seems I was wrong (left out ldap switch ...), it doesn't compile on
cooker, here is the error:

Compiling passdb/pdb_ldap.c
passdb/pdb_ldap.c: In function `ldap_connect_system':
passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc'
from incompatible pointer type
passdb/pdb_ldap.c:289: too many arguments to function `ldap_set_rebind_proc'
make: *** [passdb/pdb_ldap.o] Error 1


> 
> And make the patch conditional so we don't try and apply it on 8.0
> through 9.0 (for which we still build updated samba RPMS for each release).
> 
> Or would it be possible to have referrals work with older openldap
> versions? I see a comment about a ./configure test ....
> 

Anyone else have the referral patch working on 2.2.7a against
openldap-2.0.x ?

Regards,
Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7




More information about the samba mailing list