[Samba] Compiling --with-ldap on Solaris 9

Sojka Reinhard reinhard.sojka at parlinkom.gv.at
Thu May 6 13:39:45 GMT 2004

Hi David,

as Paul has stated already you need the OpenLDAP libraries to compile
Samba on a Solaris 9 machine with LDAP or ADS support. The LDAP
libraries from Sun do not provide all necessary functions.

The problem is that compiling with OpenLDAP libraries comes with a price
if you are authenticating Solaris against LDAP using the native Sun
LDAP-Client. Samba will not get any information about secondary groups
from the LDAP server, while everything is OK whith information from
This behaviour is known as bug #395, which is already closed because it
is not a real bug, see https://bugzilla.samba.org/show_bug.cgi?id=395 .
I would call it a compatibility problem between the LDAP libraries from
Sun and OpenLDAP. (Many thanks to the people at the Sun Center in Berlin
for helping me here)

If you are affected from this problem, there are 3 workarounds known to
me. Please note that I haven't tried all.
* put all group information in /etc/group (don't like this idea)
* use Patch-ID 112960-03 (rev. -04 and -05 should work too)
   with authentication method "simple". With "tls:simple"
   the problem seems to exists for all revisions of this patch. 
* avoid Sun's LDAP completely and shift to OpenLDAP and nss_ldap
   from Padl, see


Reinhard Sojka <reinhard.sojka at parlinkom.gv.at>
System- & Networkadmin
+43 1 40110 2824

More information about the samba mailing list