samba4: ldapsearch SSL/TLS problems

Matthieu Patou mat at samba.org
Tue Jun 8 14:36:23 MDT 2010


So the problem is that there is no easy fix for the moment.

I faced only the problem with postfix; you can mostly replace ldapsearch with 
ldbsearch.

Outlook and a lot of other tools do not have this problem.

Matthieu
On 09/06/2010 00:32, Marcel Ritter wrote:
> On 06/08/2010 10:16 PM, Matthieu Patou wrote:
>    
>> Hi Marcel,
>>      
> Hi Matthieu,
>    
>> Is your problem related to bug 7218
>> (https://bugzilla.samba.org/show_bug.cgi?id=7218) ?
>>
>> I have the impression that it is.
>>      
> That's quite possible - description sounds somewhat familiar.
>    
>> Matthieu.
>>      
> Bye,
>     Marcel
>    
>> On 08/06/2010 23:54, Marcel Ritter wrote:
>>      
>>> Hi,
>>>
>>> quite some time ago, I reported problems with SSL/TLS connections
>>> in samba4 - with very few replies on the list. Now I decided to give it
>>> one more try, and see if things have improved in the meantime.
>>>
>>> Unfortunately they haven't: SSL/TLS is still broken (at least on my
>>> system: samba4 latest git, gnutls 2.4.1, ldapsearch/openldap 2.4.12,
>>> openSUSE 11.1).
>>>
>>> Simple (unencrypted) ldapsearch works:
>>>      ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6
>>>
>>> Simple (encrypted, TLS/SSL) ldapsearch doesn't:
>>>       ldapsearch -x -D TEST\\Administrator -w pw -b dc=test,dc=org -H ldap://192.168.1.6 -Z
>>>
>>>       <   returns quite some entries (not all), but ends with:>
>>>       ldap_result: Can't contact LDAP server (-1)
>>>
>>> To find out where ldapsearch failed, I tried to redirect output to a
>>> file (adding ">   logfile")
>>> to the above lines. Odd thing is: when redirected to a file I get the
>>> whole output - no error.
>>> (adding "| tee logfile" to the command line also makes things work ...).
>>>
>>> The only reason for this I can currently think of is some kind of timing
>>> problem
>>> (taking longer to write output to terminal and scroll it, than to write
>>> it to a file?).
>>>
>>> Random connection errors also occur on large, encrypted ldap searches
>>> when using Apache Directory Studio.
>>>
>>> Running samba in debug mode (samba -i -M single -d 9) reports
>>> an error every time the SSL connection fails:
>>>
>>> "TLS gnutls_bye failed - Error in the push function."
>>>
>>> Hope someone can confirm this, and maybe provide a fix for it.
>>>
>>> Bye,
>>>      Marcel
>>>
>>>        
>>
>>      
>    


-- 
Matthieu Patou
Samba Team        http://samba.org


