samba4: ldapsearch SSL/TLS problems

Marcel Ritter Marcel.Ritter at rrze.uni-erlangen.de
Tue Jun 8 13:54:38 MDT 2010


Hi,

quite some time ago, I reported problems with SSL/TLS connections
in samba4 - with very few replies on the list. Now I decided to give it
one more try, and see if things have improved in the meantime.

Unfortunately they haven't: SSL/TLS is still broken (at least on my
system: samba4 latest git, gnutls 2.4.1, ldapsearch/openldap 2.4.12,
openSUSE 11.1).

Simple (unencrypted) ldapsearch works:
    ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6

Simple (encrypted, TLS/SSL) ldapsearch doesn't:
    ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6 -Z

    < returns quite some entries (not all), but ends with: >
    ldap_result: Can't contact LDAP server (-1)

To find out where ldapsearch failed, I tried to redirect output to a
file (adding "> logfile") to the above lines. Odd thing is: when
redirected to a file I get the whole output - no error.
(adding "| tee logfile" to the command line also makes things work ...).

The only reason for this I can currently think of is some kind of timing
problem (taking longer to write output to terminal and scroll it, than
to write it to a file?).

Random connection errors also occur on large, encrypted ldap searches
when using Apache Directory Studio.

Running samba in debug mode (samba -i -M single -d 9) reports
an error every time the SSL connection fails:

"TLS gnutls_bye failed - Error in the push function."

Hope someone can confirm this, and maybe provide a fix for it.

Bye,
   Marcel

