[Samba] Solaris nss_ldap vs PADL nss_ldap
Duncan Brannen
dbb at st-andrews.ac.uk
Fri Sep 12 11:20:30 GMT 2008
Hi Alban,
You can download PADL's nss_ldap library from
http://www.padl.com/Contents/OpenSourceSoftware.html
If you've already configured Solaris for groups and password in LDAP, it should just work once you replace the Solaris nss_ldap with the PADL one (back it up first ;) and add / configure /etc/ldap.conf.
Mine looks like:
> TLS_CACERT /etc/certs/cacert.pem
> TLSCIPHERSUITE TLSv1
> host ldap.st-andrews.ac.uk
> rootbinddn <DN of admin user for doing lookups>
> base ou=People,dc=st-andrews,dc=ac,dc=uk
> ldap_version 3
> nss_base_passwd ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_shadow ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_group ou=Groups,dc=st-andrews,dc=ac,dc=uk?one
> ssl start_tls
> tls_cacertfile /etc/certs/<pem encoded public key of our signing certificate>
> tls_cacertdir /etc/certs
> tls_ciphers TLSv1
With the admin user password in /etc/ldap.secret permission 600.
You could also try group: compat as suggested by Douglas Engert, I've
not managed to get back to trying this yet.
> Have you tried using Solaris version with this in the nsswitch.conf:
>
> group: compat
> group_compat ldap
>
> and adding the + in the /etc/group file.
>
> This appears to work as expected, getting groups info from both
> local and ldap.
>
> Or (I have not tried this):
>
> group: files [SUCCESS=continue] ldap
Cheers,
Duncan
albanperso-zatoo at yahoo.com wrote:
> Hi Duncan,
>
> I have the same issue on Solaris and Samba (3.028a and 3.31) that is OK for primary groups but not for secondaries.
>
> Can you describe how you get / configure PADL's nss_ldap?
>
> Thanks in advance
>
> Regards
>
> Alban
>
>
> ----- Original Message ----
>
>> From: Duncan Brannen <dbb at st-andrews.ac.uk>
>> To: samba at lists.samba.org
>> Sent: Wednesday, 27 August 2008, 18:09:55
>> Subject: [Samba] Solaris nss_ldap vs PADL nss_ldap
>>
>>
>>
>> Hi All,
>> Any thoughts on why, while everything seems ok at the OS level
>> (getent, id -a) Samba
>> doesn't pick up any supplementary groups when Solaris is configured with
>> 'group: files ldap' in
>> nsswitch.conf and using its own native nss_ldap.so.1 but does when
>> using PADL's nss_ldap?
>> Everything else is equal.
>>
>> Do they use/accept different calls or could it be an openldap vs native
>> ldap incompatibility,
>> Samba being compiled against the openldap libraries.
>>
>> Samba seems not to compile against the native libraries due to a lack of
>> ldap_start_tls_s
>>
>> Solaris 10 and Samba 3.2.2
>>
>> Cheers,
>> Duncan
>>
>> --
>> The University of St Andrews is a charity registered in Scotland : No SC013532
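A check for the client setup described in the reply above (rootbinddn with the password in /etc/ldap.secret at mode 600, `ssl start_tls`, and a CA file or directory), as an added example that is not part of the original thread. The function names `conf_value` and `audit_nss_ldap` are hypothetical, keys are matched exactly as spelled in the posted config, and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PADL nss_ldap client setup.
# conf_value and audit_nss_ldap are hypothetical names; keys are matched
# exactly as spelled in the posted /etc/ldap.conf.

# conf_value FILE KEY: print the value of the last "KEY value" line.
conf_value() {
    val=
    while read -r key rest || [ -n "$key" ]; do
        if [ "$key" = "$2" ]; then val=$rest; fi
    done < "$1"
    printf '%s\n' "$val"
}

# audit_nss_ldap CONF SECRET: print findings, return the number of failures.
audit_nss_ldap() {
    conf=$1; secret=$2; fails=0

    # With rootbinddn set, the bind password lives in SECRET (per the post),
    # so that file must exist and be readable by its owner only (mode 600).
    if [ -n "$(conf_value "$conf" rootbinddn)" ]; then
        perms=$(ls -ld "$secret" 2>/dev/null | cut -c1-10)
        if [ "$perms" != "-rw-------" ]; then
            echo "FAIL: $secret should be mode 600 (found: ${perms:-missing})"
            fails=$((fails + 1))
        fi
    fi

    # The posted config requests StartTLS; 'ssl on' (LDAPS) is also accepted.
    case $(conf_value "$conf" ssl) in
        start_tls|on) ;;
        *) echo "FAIL: 'ssl' is not start_tls or on, TLS is not requested"
           fails=$((fails + 1)) ;;
    esac

    # The server certificate can only be verified against a CA that exists.
    cafile=$(conf_value "$conf" tls_cacertfile)
    cadir=$(conf_value "$conf" tls_cacertdir)
    if [ ! -f "$cafile" ] && [ ! -d "$cadir" ]; then
        echo "FAIL: neither tls_cacertfile nor tls_cacertdir exists"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against real files only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_nss_ldap "$1" "${2:-/etc/ldap.secret}"
fi
```

The exit status is the number of failed checks, so the script can gate a configuration rollout; it does not check file ownership.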