Hi all,
Apologies for not grasping some rudimentary TLS/SSL concepts with the LDAP protocol, but I have a basic question.
I've configured my OpenLDAP server and have successfully been able to use the posixAccount objectClass to have a user login with pam_ldap over SSH on a client server. However, on the same token, when I try from the client server below to conduct an ldap search, I receive an error:
[root@bar cacerts]# ldapsearch -x -h "ldap.domain.com" -p 636 -v
ldap_start_tls: Can't contact LDAP server (-1)
ldap_bind: Can't contact LDAP server (-1)
On the server's log file:
Feb 18 23:03:11 firewall slapd[4775]: conn=3 fd=12 ACCEPT from IP=10.0.0.5:1072 (IP=0.0.0.0:636)
Feb 18 23:03:11 firewall slapd[4775]: conn=3 fd=12 closed (TLS negotiation failure)
Clearly SSL/TLS is not properly negotiating here, but that's something I need to figure out in a few. My real question here is, when I established an ssh connection with my client server and the client server grabbed the credentials from LDAP server, does the above inadvertently imply that the packets were not negotiated via SSL/TLS? I was only testing ldapsearch to ensure that I have anonymous searches disabled, but the concern that I'm working without encryption spiked my curiosity if my logins are going unencrypted also because that's something I'd ultimately need to address.
Thanks much for any knowledge anyone can pass along!
- Steve
Steve Finkelstein writes:
[root@bar cacerts]# ldapsearch -x -h "ldap.domain.com" -p 636 -v
You are trying to use the LDAP protocol against the LDAPS port, which expects the TLS protocol. That does not work.
The clients do not deduce the protocol from the port number. They deduce the _default_ port number (which you can override) from the protocol.
There are two ways to use TLS:
1. ldapsearch -x -ZZ -h "ldap.domain.com" ...
This uses the LDAP protocol (on port 389), and -ZZ tells the client to use the StartTLS LDAP. This switches to the TLS protocol and then resumes LDAP "inside" that protocol.
2. ldapsearch -x -H "ldaps://ldap.domain.com/" ...
This uses the LDAPS protocol (on port 636). This port listens for TLS as if StartTLS had already been done.
BTW, don't combine -ZZ and ldaps://. You can't start TLS when TLS is already started.
I wrote:
- ldapsearch -x -ZZ -h "ldap.domain.com" ...
This uses the LDAP protocol (on port 389), and -ZZ tells the client to use the StartTLS LDAP
Er, the StartTLS LDAP _operation_.
This switches to the TLS protocol and then resumes LDAP "inside" that protocol.
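The question Steve raised (did the pam_ldap login actually go over TLS, given that ldapsearch fails?) can be answered from the server side rather than guessed at: with slapd logging at the "stats" level, a connection that negotiated TLS (either via the StartTLS operation on 389 or via the LDAPS port 636) shows a "TLS established" line before its BIND, and a connection that never did shows a BIND with no such line. The script below, an added example that is not part of this thread, parses such a log and reports simple binds (method=128) sent without TLS and connections that died in TLS negotiation. The conn=3 lines are the ones quoted above; the conn=4 and conn=5 sessions, the DN uid=steve,ou=People,dc=domain,dc=com and the exact "TLS established tls_ssf=256 ssf=256" wording are constructed for the example and assume the usual slapd stats log format.

```python
import re

# Constructed sample slapd log (loglevel "stats"). conn=3 reproduces the failed
# LDAPS attempt quoted in the thread; conn=4 (StartTLS then BIND) and conn=5
# (BIND with no TLS at all) are hypothetical sessions added for illustration.
SAMPLE_LOG = """\
Feb 18 23:03:11 firewall slapd[4775]: conn=3 fd=12 ACCEPT from IP=10.0.0.5:1072 (IP=0.0.0.0:636)
Feb 18 23:03:11 firewall slapd[4775]: conn=3 fd=12 closed (TLS negotiation failure)
Feb 18 23:04:02 firewall slapd[4775]: conn=4 fd=13 ACCEPT from IP=10.0.0.5:1073 (IP=0.0.0.0:389)
Feb 18 23:04:02 firewall slapd[4775]: conn=4 op=0 STARTTLS
Feb 18 23:04:02 firewall slapd[4775]: conn=4 op=0 RESULT oid= err=0 text=
Feb 18 23:04:02 firewall slapd[4775]: conn=4 fd=13 TLS established tls_ssf=256 ssf=256
Feb 18 23:04:02 firewall slapd[4775]: conn=4 op=1 BIND dn="uid=steve,ou=People,dc=domain,dc=com" method=128
Feb 18 23:04:02 firewall slapd[4775]: conn=4 op=1 RESULT tag=97 err=0 text=
Feb 18 23:04:02 firewall slapd[4775]: conn=4 fd=13 closed
Feb 18 23:05:40 firewall slapd[4775]: conn=5 fd=14 ACCEPT from IP=10.0.0.7:1080 (IP=0.0.0.0:389)
Feb 18 23:05:40 firewall slapd[4775]: conn=5 op=0 BIND dn="uid=steve,ou=People,dc=domain,dc=com" method=128
Feb 18 23:05:40 firewall slapd[4775]: conn=5 op=0 RESULT tag=97 err=0 text=
Feb 18 23:05:41 firewall slapd[4775]: conn=5 fd=14 UNBIND
Feb 18 23:05:41 firewall slapd[4775]: conn=5 fd=14 closed
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\S+) \(IP=\S+:(\d+)\)")
# method=128 is a simple bind: the password travels in the BIND request itself.
BIND_RE = re.compile(r'BIND dn="([^"]*)" method=(\d+)')


def parse_connections(log_text):
    """Group slapd stats lines by conn id, tracking TLS state in log order."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid, rest = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"peer": None, "port": None, "tls": False,
                                   "tls_failed": False, "binds": []})
        a = ACCEPT_RE.search(rest)
        if a:
            c["peer"], c["port"] = a.group(1), int(a.group(2))
        elif "TLS established" in rest:
            c["tls"] = True
        elif "TLS negotiation failure" in rest:
            c["tls_failed"] = True
        else:
            b = BIND_RE.search(rest)
            if b:
                # Record whether TLS was already up when this BIND arrived;
                # a BIND sent before StartTLS is still cleartext.
                c["binds"].append({"dn": b.group(1), "method": int(b.group(2)),
                                   "tls": c["tls"]})
    return conns


def find_cleartext_binds(conns):
    """Simple binds with a DN (so a password was sent) on connections without TLS."""
    findings = []
    for cid, c in sorted(conns.items()):
        for b in c["binds"]:
            if b["method"] == 128 and b["dn"] and not b["tls"]:
                findings.append((cid, c["peer"], b["dn"]))
    return findings


def find_tls_failures(conns):
    """Connections closed with a TLS negotiation failure (no LDAP traffic passed)."""
    return [(cid, c["peer"], c["port"])
            for cid, c in sorted(conns.items()) if c["tls_failed"]]


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_LOG)
    for cid, peer, port in find_tls_failures(conns):
        print(f"conn={cid} from {peer}: TLS negotiation failed on port {port}")
    for cid, peer, dn in find_cleartext_binds(conns):
        print(f"conn={cid} from {peer}: simple BIND as {dn} WITHOUT TLS")
```

Run against the real slapd log on the server: a "closed (TLS negotiation failure)" connection, like conn=3 above, carried no LDAP at all, so nothing was sent in the clear there, but the pam_ldap login is only encrypted if its own connection shows "TLS established" before the BIND. If it does not, the fix is on the client side: set `ssl start_tls` (or `uri ldaps://...`) in the pam_ldap/nss_ldap configuration so the client performs StartTLS on 389 or connects to 636, matching the two ldapsearch forms described in the reply.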
openldap-software@openldap.org