[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")

Graham Allan allan at physics.umn.edu
Fri Jan 8 21:00:56 UTC 2016

I've followed this through with every idea I can grasp at so far without 
much luck.

I hacked up a quick 30-line c program to connect to ldap using the same 
URI and credentials as used in samba - works fine.

When I follow the execution of smbd in gdb, the problem occurs when calling:

ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, 

in smbldap_connect_system (smbldap.c), which returns:

failed to bind to server ldaps://ldap1.spa.umn.edu with 
dn="cn=admin,dc=physics,dc=umn,dc=edu" Error: Can't contact LDAP server
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

I'm debugging this with samba 3.6 just because it's simpler and with 
fewer dependencies than 4.x

In gdb I can examine ldap_state->bind_dn and ldap_state->bind_secret, 
and see that they are the same as my simple test program. gdb won't show 
me ldap_struct, but it appears to be set up by:

ldap_initialize(ldap_struct, uri)

in smb_ldap_setup_conn, where I can see that uri is also the same as my 
working test program.

So I'm at a loss to explain why it can fail. My test program doesn't 
call ldap_set_option at all, so maybe something smbd does there might 
explain it?

I believe the original poster on this thread is describing the same 
issue (but no resolution):


More information about the samba mailing list