[Samba] Solaris nss_ldap vs PADL nss_ldap
dbb at st-andrews.ac.uk
Fri Sep 12 11:20:30 GMT 2008
You can download padl's nss_ldap library from
If you've already configured solaris for groups and password in LDAP, it
should just work once you replace the Solaris
nss_ldap with the padl one ( back it up first ;) and add / configure
mine looks like
> TLS_CACERT /etc/certs/cacert.pem
> TLSCIPHERSUITE TLSv1
> host ldap.st-andrews.ac.uk
> rootbinddn <DN of admin user for doing lookups>
> base ou=People,dc=st-andrews,dc=ac,dc=uk
> ldap_version 3
> nss_base_passwd ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_shadow ou=People,dc=st-andrews,dc=ac,dc=uk?one
> nss_base_group ou=Groups,dc=st-andrews,dc=ac,dc=uk?one
> ssl start_tls
> tls_cacertfile /etc/certs/<pem encoded public key of our signing
> tls_cacertdir /etc/certs
> tls_ciphers TLSv1
With the admin user password in /etc/ldap.secret permission 600.
You could also try group: compat as suggested by Douglas Engert, I've
not managed to get back to trying this yet.
> Have you tried using Solaris version withthis in the nsswitch.conf:
> group: compat
> group_compat ldap
> and adding the + in the /etc/group file.
> This appears to work as expected, getting groups info from both
> local and ldap.
> Or (I have not tried this):
> group: files [SUCCESS=continue] ldap
albanperso-zatoo at yahoo.com wrote:
> Hi Duncan,
> I have the same issue on Solaris and Samba (3.028a and 3.31) that is OK for primary groups but not for secondaries.
> can you describe how do you get / configurePADL's nss_ldap?
> Thanks in advance
> ----- Message d'origine ----
>> De : Duncan Brannen <dbb at st-andrews.ac.uk>
>> À : samba at lists.samba.org
>> Envoyé le : Mercredi, 27 Août 2008, 18h09mn 55s
>> Objet : [Samba] Solaris nss_ldap vs PADL nss_ldap
>> Hi All,
>> Any thoughts on why, while everything seems ok at the OS level
>> (getent , id -a ) Samba
>> doesn't pickup any supplementary groups when Solaris is configured with
>> 'group: files ldap' in
>> nsswitch.conf and using it's own native nss_ldap.so.1 but does when
>> using PADL's nss_ldap?
>> Everything else is equal.
>> Do they use/accept different calls or could it be an openldap vs native
>> ldap incompatibility,
>> Samba being compiled against the openldap libraries.
>> Samba seems not to compile against the native libraries due to a lack of
>> Solaris 10 and Samba 3.2.2
>> The University of St Andrews is a charity registered in Scotland : No SC013532
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
The University of St Andrews is a charity registered in Scotland : No SC013532
More information about the samba