samba4: ldapsearch SSL/TLS problems

Matthieu Patou mat at samba.org
Tue Jun 8 14:16:30 MDT 2010


Hi Marcel,

Is your problem related to bug 7218
(https://bugzilla.samba.org/show_bug.cgi?id=7218)?

I have the impression that it is.

Matthieu.

On 08/06/2010 23:54, Marcel Ritter wrote:
> Hi,
>
> quite some time ago, I reported problems with SSL/TLS connections
> in samba4 - with very few replies on the list. Now I decided to give it
> one more try, and see if things have improved in the meantime.
>
> Unfortunately they haven't: SSL/TLS is still broken (at least on my
> system: samba4 latest git, gnutls 2.4.1, ldapsearch/openldap 2.4.12,
> openSUSE 11.1).
>
> Simple (unencrypted) ldapsearch works:
>     ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6
>
> Simple (encrypted, TLS/SSL) ldapsearch doesn't:
>      ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6 -Z
>
>      <  returns quite some entries (not all), but ends with:>
>      ldap_result: Can't contact LDAP server (-1)
>
> To find out where ldapsearch failed, I tried to redirect output to a
> file (adding "> logfile") to the above lines. Odd thing is: when
> redirected to a file I get the whole output - no error.
> (adding "| tee logfile" to the command line also makes things work ...).
>
> The only reason for this I can currently think of is some kind of timing
> problem (taking longer to write output to terminal and scroll it, than
> to write it to a file?).
>
> Random connection errors also occur on large, encrypted ldap searches
> when using Apache Directory Studio.
>
> Running samba in debug mode (samba -i -M single -d 9) reports
> an error every time the SSL connection fails:
>
> "TLS gnutls_bye failed - Error in the push function."
>
> Hope someone can confirm this, and maybe provide a fix for it.
>
> Bye,
>     Marcel
>    


-- 
Matthieu Patou
Samba Team        http://samba.org
