samba4: ldapsearch SSL/TLS problems

Matthieu Patou mat at
Tue Jun 8 14:16:30 MDT 2010

Hi Marcel,

Is your pb related to bug 7218 
( ?

I have the impression that it is.


On 08/06/2010 23:54, Marcel Ritter wrote:
> Hi,
> quite some time ago, I reported problems with SSL/TSL connections
> in samba4 - with very few replies on the list. Now I decided to give it
> one more try, and see if things have improved in the meantime.
> Unfortunately they haven't: SSL/TSL is still broken (at least on my
> system: samba4 latest git, gnutls 2.4.1, ldapsearch/openldap 2.4.12,
> openSUSE 11.1).
> Simple (unencrypted) ldapsearch works:
>     ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H
> ldap://
> Simple (encrypted, TLS/SSL) ldapsearch doesn't:
>      ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H
> ldap:// -Z
>      <  returns quite some entries (not all), but ends with:>
>      ldap_result: Can't contact LDAP server (-1)
> To find out where ldapsearch failed, I tried to redirect output to a
> file (adding ">  logfile")
> to the above lines. Odd thing is: when redirected to a file I get the
> whole output - no error.
> (adding "| tee logfile" to the command line also makes things work ...).
> The only reason for this I can currently think of is some kind of timing
> problem
> (taking longer to write output to terminal and scroll it, than to write
> it to a file?).
> Random connection errors also occur on large, encrypted ldap searches
> when using Apache Directory Studio.
> Running samba in debug mode (samba -i -M single -d 9) reports
> an error everytime the SSL connection fails:
> "TLS gnutls_bye failed - Error in the push function."
> Hope someone can confirm this, and maybe provide a fix for it.
> Bye,
>     Marcel

Matthieu Patou
Samba Team

More information about the samba-technical mailing list