Hi Alban,
You can download PADL's nss_ldap library from http://www.padl.com/Contents/OpenSourceSoftware.html

If you've already configured Solaris for groups and password in LDAP, it should just work once you replace the Solaris nss_ldap with the PADL one (back it up first ;) and add / configure /etc/ldap.conf.

Mine looks like:

TLS_CACERT /etc/certs/cacert.pem
host ldap.st-andrews.ac.uk
rootbinddn <DN of admin user for doing lookups>
base ou=People,dc=st-andrews,dc=ac,dc=uk
ldap_version 3
nss_base_passwd ou=People,dc=st-andrews,dc=ac,dc=uk?one
nss_base_shadow ou=People,dc=st-andrews,dc=ac,dc=uk?one
nss_base_group          ou=Groups,dc=st-andrews,dc=ac,dc=uk?one
ssl start_tls
tls_cacertfile /etc/certs/<pem encoded public key of our signing certificate>
tls_cacertdir /etc/certs
tls_ciphers TLSv1

With the admin user password in /etc/ldap.secret, permission 600.

You could also try group: compat as suggested by Douglas Engert; I've not managed to get back to trying this yet.

Have you tried using the Solaris version with this in the nsswitch.conf:

 group: compat
 group_compat ldap

and adding the + in the /etc/group file.

This appears to work as expected, getting groups info from both
local and ldap.

Or (I have not tried this):

 group: files [SUCCESS=continue] ldap


Hi Duncan,

I have the same issue on Solaris and Samba (3.028a and 3.31) that is OK for 
primary groups but not for secondaries.

Can you describe how you get / configure PADL's nss_ldap?

Thanks in advance



----- Original Message ----
From: Duncan Brannen <[EMAIL PROTECTED]>
To: samba@lists.samba.org
Sent: Wednesday, 27 August 2008, 18:09:55
Subject: [Samba] Solaris nss_ldap vs PADL nss_ldap

Hi All,
Any thoughts on why, while everything seems ok at the OS level (getent, id -a), Samba doesn't pick up any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using its own native nss_ldap.so.1 but does when using PADL's nss_ldap?
Everything else is equal.

Do they use/accept different calls or could it be an openldap vs native ldap incompatibility,
Samba being compiled against the openldap libraries.

Samba seems not to compile against the native libraries due to a lack of ldap_start_tls_s.

Solaris 10 and Samba 3.2.2


The University of St Andrews is a charity registered in Scotland : No SC013532

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
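
A check for the settings the ldap.conf in this thread relies on, as an added example that is not part of the original messages: it parses a PADL-style ldap.conf and reports missing TLS settings or a bind-secret file readable by group or others. The function names and sample values are assumptions, and tls_checkpeer is a PADL nss_ldap directive that does not appear in the thread.

```python
import os
import stat
import tempfile

# Constructed sample modelled on the config in the thread; the DN and the
# CA file name are placeholders.
SAMPLE = """\
rootbinddn cn=lookup,dc=example,dc=org
ssl start_tls
tls_cacertfile /etc/certs/ca.pem
"""

def parse_ldap_conf(text):
    """Return {directive: value} from 'keyword value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # separator may be any run of spaces or tabs
        if parts and not parts[0].startswith("#"):
            # Assumption: keyword case is not significant, so keys are lower-cased.
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf_text, secret_path):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_ldap_conf(conf_text)
    findings = []
    if conf.get("ssl") not in ("start_tls", "on"):
        findings.append("ssl is not start_tls/on: LDAP traffic is not encrypted")
    if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        findings.append("no tls_cacertfile/tls_cacertdir: no CA to verify the server against")
    if conf.get("tls_checkpeer") == "no":
        findings.append("tls_checkpeer no: server certificate is not verified")
    if "rootbinddn" in conf:
        try:
            mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        except FileNotFoundError:
            findings.append(f"rootbinddn is set but {secret_path} is missing")
        else:
            if mode & 0o077:  # any group or other permission bit
                findings.append(f"{secret_path} is mode {mode:03o}, expected 600")
    return findings

def audit_with_secret_mode(mode):
    """Audit SAMPLE against a temporary secret file set to the given mode."""
    with tempfile.NamedTemporaryFile() as secret:
        os.chmod(secret.name, mode)
        return audit(SAMPLE, secret.name)
```

On a real host, call audit() with the contents of /etc/ldap.conf and the path /etc/ldap.secret.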
