[OpenIndiana-discuss] LDAP Client StartTLS Support

Andre Kruger Andre.Kruger at TRW.COM
Thu Sep 11 09:08:16 UTC 2014


Hi

I do have the library/openldap package installed,

pkg list -a | grep ldap
SUNWapu13-ldap                                    1.3.9-0.133                --r
SUNWopenldap                                      2.4.11-0.133               --r
library/apr-util-13/apr-ldap                      1.5.2-0.151.1.8            i--
library/openldap                                  2.4.34-0.151.1.8           i--
naming/ldap                                       0.5.11-0.151.1.8           i--
service/network/ldap/opends (opensolaris.org)     2.2.0-0.111                i--
web/library/apache/apr-util-13/apr-ldap           1.3.9-0.134                --r

And searching for the ldapsearch package on my system gives the following:

pkg search -l ldapsearch
INDEX      ACTION VALUE                                 PACKAGE
basename   link   usr/lib/openldap/bin/amd64/ldapsearch pkg:/library/openldap at 2.4.34-0.151.1.8
basename   link   usr/lib/openldap/bin/ldapsearch       pkg:/library/openldap at 2.4.34-0.151.1.8
basename   file   usr/bin/ldapsearch                    pkg:/naming/ldap at 0.5.11-0.151.1.8
basename   file   usr/opends/bin/ldapsearch             pkg:/service/network/ldap/opends at 2.2.0-0.111


pkg search -l openldapsearch
INDEX      ACTION VALUE                        PACKAGE
basename   file   usr/bin/amd64/openldapsearch pkg:/library/openldap at 2.4.34-0.151.1.8
basename   file   usr/bin/openldapsearch       pkg:/library/openldap at 2.4.34-0.151.1.8


I understand what you are saying but I don't know how I should use the information. Can you please explain? I don't see where/how I can choose between using ldapsearch or openldapsearch?

When I (try to) join my Samba server to the domain I use the Samba "net ads join" command and that does its own thing.


Regards
André



-----Original Message-----
From: Predrag Zecevic [Unix Systems Administrator] [mailto:Predrag.Zecevic at 2e-systems.com] 
Sent: 11 September 2014 10:12
To: openindiana-discuss at openindiana.org
Subject: Re: [OpenIndiana-discuss] LDAP Client StartTLS Support

Hi,

I guess OI has 2 versions of ldap:
a) SunOS one
b) OpenLDAP

You might want to use (for example) openldapsearch command instead of ldapsearch [NOTE 'open' prefix]

$ pkg search -l ldapsearch
INDEX      ACTION VALUE                                            PACKAGE
basename   file   usr/share/bash-completion/completions/ldapsearch pkg:/utility/bash-completion at 2.1-2014.0.1.0
basename   file   usr/bin/ldapsearch                               pkg:/naming/ldap at 0.5.11-2014.1.2.14627
basename   link   usr/lib/openldap/bin/amd64/ldapsearch            pkg:/library/openldap at 2.4.39-2014.1.2.2
basename   link   usr/lib/openldap/bin/ldapsearch                  pkg:/library/openldap at 2.4.39-2014.1.2.2

So, you might need to install library/openldap package and add /usr/lib/openldap/bin to path before /usr/bin (if you wanna use only name 'ldapsearch') **or** use commands specifying 'open' prefix:

$ pkg search -l openldapsearch
INDEX      ACTION VALUE                        PACKAGE
basename   file   usr/bin/amd64/openldapsearch pkg:/library/openldap at 2.4.39-2014.1.2.2
basename   file   usr/bin/openldapsearch       pkg:/library/openldap at 2.4.39-2014.1.2.2

$ ldd /usr/lib/openldap/bin/ldapsearch
         libldap-2.4.so.2 =>      /usr/lib/libldap-2.4.so.2
         liblber-2.4.so.2 =>      /usr/lib/liblber-2.4.so.2
         libsasl.so.1 =>  /usr/lib/libsasl.so.1
         libnsl.so.1 =>   /lib/libnsl.so.1
         libc.so.1 =>     /lib/libc.so.1
         libresolv.so.2 =>        /lib/libresolv.so.2
         libsocket.so.1 =>        /lib/libsocket.so.1
         libssl.so.1.0.0 =>       /lib/libssl.so.1.0.0
         libcrypto.so.1.0.0 =>    /lib/libcrypto.so.1.0.0
         libmd.so.1 =>    /lib/libmd.so.1
         libmp.so.2 =>    /lib/libmp.so.2
         libdl.so.1 =>    /lib/libdl.so.1
         libgcc_s.so.1 =>         /usr/lib/libgcc_s.so.1
         libm.so.2 =>     /lib/libm.so.2

HTH
Regards.
Predrag Zečević

On 09/11/14 10:03 AM, Andre Kruger wrote:
> I don't think this is a Samba problem; I am only providing the info to help the reader understand where I am coming from.
>
> I am trying to join my Samba server to my domain. This previously worked but our AD admins enabled LDAPS on the DCs which broke the connection. Upon retrying to join the domain, running the samba join command in debug mode I get the following:
>
>
> Successfully contacted LDAP server 1.1.1.1 Connected to LDAP server 
> DC1.ad.domain.com StartTLS not supported by LDAP client libraries!
>
>
> Is StartTLS supported by the ldap client we have in OI?
>
> According to this site, earlier versions of Solaris did not support it yet, so I am not sure if it is supported on the current release of OI.
>
> http://www.informit.com/articles/article.aspx?p=30339&seqNum=3
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>

--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic at 2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
According to the latest official figures, 43% of all statistics are totally worthless.
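
The PATH ordering discussed in this thread, as an added example that is not part of the original messages: it lists which `ldapsearch` a shell would pick under a given PATH, using a constructed sandbox that mirrors the `pkg search` layout. The function names, the sandbox and the symlink target are assumptions made for the illustration.

```shell
#!/bin/sh
# List every executable named $1 found on the PATH-style string $2,
# in the order the shell would try them (the first line wins).
candidates() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
}

# The binary that would actually run for $1 under PATH string $2.
first_match() {
    candidates "$1" "$2" | head -n 1
}

# Constructed sandbox mirroring the layout in the pkg search output:
# a native client in usr/bin and an OpenLDAP one in usr/lib/openldap/bin.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/lib/openldap/bin"
    for f in usr/bin/ldapsearch usr/bin/openldapsearch; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    # Assumption: the openldap/bin link points at the open-prefixed binary.
    ln -s "$root/usr/bin/openldapsearch" "$root/usr/lib/openldap/bin/ldapsearch"
    printf '%s\n' "$root"
}

SANDBOX=$(make_sandbox)
DEFAULT_PATH="$SANDBOX/usr/bin"
OPENLDAP_FIRST="$SANDBOX/usr/lib/openldap/bin:$SANDBOX/usr/bin"

echo "default PATH:   $(first_match ldapsearch "$DEFAULT_PATH")"
echo "OpenLDAP first: $(first_match ldapsearch "$OPENLDAP_FIRST")"

# On the real host (not run here), with the OpenLDAP client selected, -ZZ
# makes the search fail unless the StartTLS operation succeeds:
#   ldapsearch -x -ZZ -H ldap://DC1.ad.domain.com -s base -b ""
```

On a real system, pass `"$PATH"` as the second argument to see the actual resolution order.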
