[Samba] LDAP problem

Brian Candler b.candler at pobox.com
Sun Feb 5 12:10:17 UTC 2017

On 03/02/2017 12:14, Lukz Ferris wrote:
> But one day, I don't know why, I couldn't use ldapsearch or ldapadd any more. They return this:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> I'm using the same command as always, like:
> ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*******' -D "cn=Administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br"

This error suggests a problem with your certificate. If it used to work 
previously, then check it hasn't expired.

     openssl s_client -connect devsamba.lucas.ufes.br:636

Copy-paste the certificate into a PEM file, including the begin/end lines:

     openssl x509 -in mycert.pem -noout -enddate

And check your root CA cert hasn't expired:

     openssl x509 -in /usr/local/samba/private/tls/cert.pem -noout -enddate
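
The expiry checks from the reply above, as an added example that is not part of the original message: a shell function that checks every certificate found in a saved s_client capture or PEM bundle in one pass. The function names, the sample.invalid subject and the 30-day window are assumptions made for the illustration.

```shell
#!/bin/sh
# check_pem_expiry FILE [DAYS]
# FILE may be saved `openssl s_client` output or a PEM bundle: every
# BEGIN/END CERTIFICATE block is checked, surrounding text is ignored.
# Returns 0 if every certificate is still valid DAYS days from now
# (default 0 = not expired today), 1 if any is not, 2 if none was found.
check_pem_expiry() {
    file=$1
    days=${2:-0}
    tmpdir=$(mktemp -d) || return 2
    # Split the input into one file per certificate: cert1.pem, cert2.pem, ...
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    ' "$file"
    status=2
    for pem in "$tmpdir"/cert*.pem; do
        [ -f "$pem" ] || continue
        if [ "$status" -eq 2 ]; then status=0; fi
        subject=$(openssl x509 -in "$pem" -noout -subject)
        enddate=$(openssl x509 -in "$pem" -noout -enddate)
        if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
            echo "OK      $subject ($enddate)"
        else
            echo "EXPIRES $subject ($enddate)"
            status=1
        fi
    done
    rm -rf "$tmpdir"
    return "$status"
}

# Constructed sample: a throwaway self-signed certificate valid for 1 day,
# wrapped in extra text the way s_client output wraps the server certificate.
make_sample() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    { echo "CONNECTED(00000003)"; cat "$d/cert.pem"; echo "---"; } > "$d/s_client.txt"
    echo "$d/s_client.txt"
}

sample=$(make_sample)
check_pem_expiry "$sample" 0
check_pem_expiry "$sample" 30 || echo "certificate needs renewing within 30 days"
```

To check a live server, save the output of `openssl s_client -connect devsamba.lucas.ufes.br:636 -showcerts </dev/null` to a file and pass that file to the function.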
