Bug 4758 - ssl/tsl with solaris ldap libs is not yet supported
Summary: ssl/tsl with solaris ldap libs is not yet supported
Status: RESOLVED DUPLICATE of bug 3504
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.0.25b
Hardware: Sparc Solaris
: P3 enhancement
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-07-02 14:18 UTC by Raul
Modified: 2007-08-23 04:17 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Raul 2007-07-02 14:18:06 UTC
Steps to reproduce
 $ cd samba-3.0.25b/source

 $ LDFLAGS="-L/usr/lib/" CFLAGS="-I/usr/include -L/usr/lib" ./configure --enable-developer --enable-debug --with-syslog --prefix=/usr/local --enable-socket-wrapper --with-pam_smbpass -with-acl-support --with-winbind --with-pam --with-ldap --with-configdir=/usr/local/etc/samba --mandir=/usr/local/man --with-pammodulesdir=/usr/lib/security

 $ make pam_smbpass

 $ ldd bin/pam_smbpass.so | grep ldap
        libldap.so.5 =>  /usr/lib/libldap.so.5  <------- Solaris ldap Lib

 $ make test_pam_modules
dlopen() of "./bin/pam_smbpass.so" failed: ld.so.1: dlopen: fatal: relocation error: file ././bin/pam_smbpass.so: symbol ldap_start_tls_s: referenced symbol not found

I think I located the line at lib/smbldap.c:526
if ((rc = ldap_start_tls_s (ldap_struct, NULL, NULL)) != LDAP_SUCCESS)  {
but I have noidea how to fix it ;)

This is a Solaris 10 box. Whole reason for linking to the Solaris LDAP libs instead of the OpenLDAP libs is because passwd is linked to the Solaris Libs when when it calls pam_smbpass it segfaults because its mixing OpenLDAP and Solaris LDAP libs.
Comment 1 Raul 2007-08-21 07:39:07 UTC
You must have 
ldap ssl = on
in the smb.conf too, or ldaps://
Comment 2 Björn Jacke 2007-08-21 08:48:55 UTC
this is a known thing that ssl is not working with the solaris ldap libs. the solaris libs do ssl differently from openldap and no one adopted the code for solaris yet. If you use ldap ssl = off, does that work?
Comment 3 Raul 2007-08-21 15:21:40 UTC
Yeah the solaris ldap libs work fine as long as ldap ssl = off.
Comment 4 Björn Jacke 2007-08-23 04:17:18 UTC
actually a dup where we have a proposed patch...

*** This bug has been marked as a duplicate of 3504 ***