Failed to login to grafana through AD LDAP with SSL enabled

Grafana version: 4.6.3
datasource: influxdb
env: deployed by Kubernetes, running in a container with image grafana/grafana:4.6.3
What did you do:
migrate from openldap login to AD ldap login
What happened:

  1. It has been working fine when connecting to our OpenLDAP server
  2. It works fine after migrating to a new AD LDAP server
  3. But login failed when we tried to enable SSL/TLS with the new AD LDAP server

To enable ssl/tls, here is the change we did from 2) -> 3)

[[servers]]
host = "xxxx.xxxx.xxxx.xxxx" # same AD server as in 2) which support both ssl and non-ssl
port = 636
use_ssl = true
start_tls = true
ssl_skip_verify = false
root_ca_cert = "/etc/grafana/pem/grafana.pem"

2) and 3) have the same AD LDAP server, same bind_dn, bind_password, search_filter, search_base_dns, group_search_base_dns (since 2) worked fine, only listed the difference between 2) and 3) above)

Here are the errors in the log when trying to log in:
t=2018-09-17T22:47:39+0000 lvl=info msg="Initial bind failed" logger=ldap error="LDAP Result Code 200 "": ldap: could not retrieve response"
t=2018-09-17T22:47:39+0000 lvl=eror msg="Error while trying to authenticate user" logger=context userId=0 orgId=0 uname= error="LDAP Result Code 200 "": ldap: could not retrieve response"
t=2018-09-17T22:47:39+0000 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=POST path=/login status=500 remote_addr=10.124.2.125 time_ms=205 size=53 referer=http://grafana-test-ing.use1.k8s.csg.iacp.io/login

Any suggestions about this problem? Anything we missed when enabling SSL/TLS?
Thanks,

Have you tried setting start_tls = false? Usually port 636 is regular tls (enable_ssl = true) not start_tls.

Yes, we tried that too: start_tls=false. It did not work. Login failed with the same error in the log.

This has been fixed. It was caused by a typo. Thanks.
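
The port and TLS-mode point raised in the replies, as an added example that is not part of the original thread: a small Python lint for the `[[servers]]` settings shown in the post. LDAPS on 636 starts with a TLS handshake while StartTLS upgrades a plaintext connection, so the check flags settings that mix the two, along with misspelt keys and typographic quotes. The key list, the placeholder host and the `start_tsl` misspelling are assumptions constructed for illustration, not the typo the poster found.

```python
import re
# Keys of a [[servers]] block named in this thread; extend for your Grafana version.
KNOWN_KEYS = set("host port use_ssl start_tls ssl_skip_verify root_ca_cert bind_dn "
                 "bind_password search_filter search_base_dns group_search_base_dns".split())
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*(?:#.*)?$")
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes pasted from a web page or editor

def parse_server_block(text):
    """Read flat `key = value` lines (a minimal reader, not a full TOML parser)."""
    cfg, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line, comment, or the [[servers]] header
        key, val = m.groups()
        if key not in KNOWN_KEYS:
            findings.append(f"unknown key '{key}' (possible typo)")
        if any(c in val for c in CURLY):
            findings.append(f"{key}: typographic quotes; TOML needs ASCII quotes")
        val = val.strip("\"'" + CURLY)
        cfg[key] = {"true": True, "false": False}.get(val, int(val) if val.isdigit() else val)
    return cfg, findings

def lint(text):
    cfg, findings = parse_server_block(text)
    port, ssl, starttls = cfg.get("port"), cfg.get("use_ssl"), cfg.get("start_tls")
    if ssl is not True:
        findings.append("use_ssl is not true: the bind password crosses the network unencrypted")
    elif port == 636 and starttls is True:
        findings.append("port 636 expects a TLS handshake first; start_tls opens in plaintext")
    elif port == 389 and starttls is not True:
        findings.append("port 389 is normally plaintext LDAP upgraded with StartTLS")
    if cfg.get("ssl_skip_verify") is True:
        findings.append("ssl_skip_verify = true disables server certificate validation")
    return findings

# Constructed sample mirroring the settings posted in the thread (placeholder host).
AS_POSTED = """[[servers]]
host = "ldap.example.internal"
port = 636
use_ssl = true
start_tls = true
ssl_skip_verify = false
root_ca_cert = "/etc/grafana/pem/grafana.pem"
"""
# Constructed variant: curly quotes on the host and a misspelt start_tls key.
WITH_TYPOS = "host = \u201cldap.example.internal\u201d\nport = 636\nuse_ssl = true\nstart_tsl = false\n"
if __name__ == "__main__":
    print(lint(AS_POSTED), lint(WITH_TYPOS), sep="\n")
```

A clean result only means the TLS mode, key names and quoting are consistent; the CA file at `root_ca_cert` and the host name in the server certificate still have to match what the directory server presents.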