Why don't you try ldapsearch -H ldaps://ldap.lih.rwth-aachen.de as Dieter suggested? I'm not an expert in OpenLDAP, but I've been using it for some years, and some months ago, working with GnuTLS and SSL, I couldn't connect because in the server certificate the CN was "ldap.server", and I was trying to connect through ldapsearch -H ldaps://server. Both names belonged to the same computer, but SSL gave me an error telling me the server CN was "ldap.server", and I was trying to contact "server".
2009/10/30 Howard Chu hyc@symas.com
Dieter Kluenter wrote:
Howard Chu hyc@symas.com writes:
Dieter Kluenter wrote:
GnuTLS cannot handle the subjectAltName attribute, thus if either client and/or server are linked with libgnutls it will cause such problem.
False.
OK, https://savannah.gnu.org/support/index.php?106975 has been fixed.
Note that this bug only affected certificates that contained XMPP subjectAltNames. Since XMPP names are relatively new, most certs aren't affected by this bug.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
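The name mismatch described in the first message, as an added example that is not part of the original thread: a simplified hostname check that compares the host in an LDAP URI with the names in a certificate. The function names and the matching rules (dNSName subjectAltNames take precedence, CN is the fallback, a wildcard only as the whole leftmost label) are assumptions for illustration, not the behaviour of GnuTLS, OpenSSL or OpenLDAP.

```python
from urllib.parse import urlsplit


def host_from_ldap_uri(uri):
    """Return the host name a client would verify for an ldap(s):// URI."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP URI with a host: {uri!r}")
    return parts.hostname  # urlsplit lower-cases the host and drops the port


def _name_matches(pattern, host):
    """Compare label by label; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative (assumed) rule: no wildcard directly under a top-level name.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_name(uri, cn, san_dns=()):
    """Return (ok, detail) for the URI host against the certificate names.

    If the certificate carries dNSName subjectAltNames, only those are
    consulted; the subject CN is used as a fallback when there are none.
    """
    host = host_from_ldap_uri(uri)
    source = "subjectAltName" if san_dns else "CN"
    candidates = list(san_dns) if san_dns else [cn]
    ok = any(_name_matches(c, host) for c in candidates)
    return ok, f"{host!r} checked against {source} {candidates}"


if __name__ == "__main__":
    # Constructed cases; "ldap.server" and "server" are the names from the post.
    cases = [
        ("ldaps://server", "ldap.server", ()),       # the failing connection
        ("ldaps://ldap.server", "ldap.server", ()),  # URI uses the name in the CN
        ("ldaps://server", "ldap.server", ("ldap.server", "server")),  # both names as SANs
    ]
    for uri, cn, san in cases:
        ok, detail = check_name(uri, cn, san)
        print("OK  " if ok else "FAIL", uri, "->", detail)
```

The first case fails for the reason given in the post: the client verifies the name it was asked to connect to, not any name that resolves to the same machine.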