On Mon, 2006-01-09 at 15:53 +0100, Jo De Troy wrote:
> Hi Susan,
>
> I was using capital Z in the ldapsearch, I've uncommented "ssl on"
> in /etc/ldap.conf
> Still the same problem.
> # ldapsearch -x -ZZ -h ldapserver -b 'dc=example,dc=com'
> '(uid=someuser)'
> ldap_start_tls: Connect error (-11)
> additional info: Start TLS request accepted.Server willing to
> negotiate SSL.
>
> Any other thought?

A quick way to check whether TLS support is enabled in the server is to
do something like:

$> openssl s_client -showcerts -connect ldapserver:636

Once you've verified that much, then work on getting ldapsearch to work.

If it's the OpenLDAP utils you're using, then you want to
modify /etc/openldap/ldap.conf - /etc/ldap.conf is used by nss-ldap and
pam-ldap.

Also, use something like "ldapsearch -d 10" to get better error
messages. You may find a problem like the server's certificate can't be
verified because you haven't configured the utilities to trust the CA
which issued it. You might need something like:

TLS_CACERT /etc/pki/tls/cacert.pem

Cheers,
Mark.
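
The client-side trust check described in the reply above, as an added example that is not part of the original message: a shell helper that reads an OpenLDAP client ldap.conf and reports whether TLS_CACERT names a readable PEM file. The function names, exit codes and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Helper names are hypothetical.
# Point it at the OpenLDAP client config (e.g. /etc/openldap/ldap.conf), not at
# /etc/ldap.conf, which nss-ldap and pam-ldap read.

# Print the CA file named by TLS_CACERT. The keyword is matched
# case-insensitively, '#' lines never match, and a later line is assumed to
# override an earlier one. Assumes the path contains no spaces.
ldap_conf_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { if (v != "") print v }' "$1"
}

# Exit status: 0 CA file present, 1 no TLS_CACERT line, 2 CA file missing or
# unreadable, 3 no PEM certificate in the file, 4 config itself unreadable.
# TLS_CACERTDIR (the directory form) is not examined.
check_ldap_tls_trust() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "$conf: cannot read config"; return 4
    fi
    ca=$(ldap_conf_cacert "$conf")
    if [ -z "$ca" ]; then
        echo "$conf: no TLS_CACERT line"; return 1
    fi
    if [ ! -r "$ca" ]; then
        echo "$conf: TLS_CACERT $ca is missing or unreadable"; return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "$conf: $ca contains no PEM certificate"; return 3
    fi
    echo "$conf: TLS_CACERT $ca present"
    return 0
}

# Run against the file given as $1, or against a constructed sample config
# whose CA file does not exist (the failure case from the thread).
if [ "$#" -gt 0 ]; then
    check_ldap_tls_trust "$1"
else
    demo=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'BASE dc=example,dc=com' \
        "tls_cacert $demo/cacert.pem" > "$demo/ldap.conf"
    check_ldap_tls_trust "$demo/ldap.conf" || echo "status $?"
    rm -rf "$demo"
fi
```

A zero status only means the file is in place; whether that CA actually issued the server's certificate still shows up in the ldapsearch debug output.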