Samba 3.3 And Later Default "ldap ssl" Settings Have Changed

  • Document ID:7008014
  • Creation Date:01-Mar-2011
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      Open Enterprise Server
    • SUSE Products:
      SUSE Linux Enterprise Server

Environment

Novell Open Enterprise Server 2 (OES 2) Linux
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 11

Situation

Samba 3.3 and later changed the default settings for "ldap ssl" from "no" to "start_tls" which will have a conflict with anyone using "ldaps://" in their passdb backend--such as in OES (NOTE:  ldap:// and ldaps:// is just the start of the URL, and is incomplete without the rest of the URL for this particular setting).  Although it isn't a required upgraded (due to a license change) on SLES 10 (and OES),  an upgraded to Samba 3.4.3 is available under SLES 10 (under the sles10-gplv3-extras) and is supported.
 
ERROR:  "Failed to issue the StartTLS instruction: Operations error"

Resolution

There are a couple of ways to address this issue:
  1. Change the ldap backend from "ldaps://" to "ldap://"
  2. Change "ldap ssl" from "start_tls" back to "no".  If the "ldap ssl" setting is not present under the [global] section of the smb.conf, then add it: "ldap ssl = no"