samba - Feb 2004 - Solaris 9 and secondary group info from LDAP

Hi,

we are running several test installations of Samba 3 on Solaris 8 and
Solaris 9. On Solaris 9, there is a strange behaviour in terms of
getting secondary group information from LDAP.
With later revisions of patch 112960, only /etc/group is  interpreted,
but there is no query on the LDAP server for (Unix-) group information. 

Here is a short overview about our results:

common configuration: 
        * OpenLDAP-Server
        * native Sun LDAP-Client 
        * Samba 3.0.x (last: 3.0.2rc1) with LDAP support 
        * OpenLDAP Libraries

result:
        * Solaris 8 with patch 108993-23 -> OK
        * Solaris 9 no patches (=very first version) -> OK
        * Solaris 9 with patch 112960-03 -> OK
        * Solaris 9 with patch 112960-08 or higher -> no info about
              secondary groups from LDAP server (no query in server
logs,
              "truss" shows errors)


This behaviour can be watched very nicely in the LDAP server logs, and
if you do a truss on smbd with

truss -u '*' smbd -i

the result looks very similar to this one
http://lists.samba.org/archive/samba-technical/2003-December/033482.html
though he was using Samba 2.2.8a an the iPlanet Directory Server.
( I will provide logs and debug output if anybody is interested. )


Regarding the above test results, I have several questions

* Is this a know problem or bug? 
* Or, at least, is it related to a know problem or bug (bug# 395) ?

* Is it possible to link Samba 3.0.x with Sun/Netscape LDAP libraries? 
   Had no luck with it, didn't find a workaround for the 
   missing ldap_initialize() and ldap_domain2hostlist.

* My impression is that there is something wrong with the interaction
   OpenLDAP libs <-> Solaris libs. Is this assumption correct?
   
* Am I at the right place to ask for help? Is it better to ask the
   people at OpenLDAP.org or, maybe, even at Sun?


Thanks,
Reinhard

-- 
Reinhard Sojka <reinhard.sojka@parlinkom.gv.at>
System- & Networkadmin
Parlamentsdirektion
+43 1 40110 2824

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did you read comment #11 in

~  https://bugzilla.samba.org/show_bug.cgi?id=395

Looks like a bug in Solaris patch 112960 (>r03)



Sojka Reinhard wrote:

| we are running several test installations of Samba 3 on Solaris 8 and
| Solaris 9. On Solaris 9, there is a strange behaviour in terms of
| getting secondary group information from LDAP.
| With later revisions of patch 112960, only /etc/group is  interpreted,
| but there is no query on the LDAP server for (Unix-) group information.
|
| Here is a short overview about our results:
|
| common configuration:
|         * OpenLDAP-Server
|         * native Sun LDAP-Client
|         * Samba 3.0.x (last: 3.0.2rc1) with LDAP support
|         * OpenLDAP Libraries
|
| result:
|         * Solaris 8 with patch 108993-23 -> OK
|         * Solaris 9 no patches (=very first version) -> OK
|         * Solaris 9 with patch 112960-03 -> OK
|         * Solaris 9 with patch 112960-08 or higher -> no info about
|               secondary groups from LDAP server (no query in server
| logs,
|               "truss" shows errors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAI7NdIR7qMdg1EfYRArcVAJsEOAezXhhnJ/fNghPw/PhTdDFgyQCeP+Y2
wCGnq4JLtjeonOzeTYrzaYo=bOCO
-----END PGP SIGNATURE-----