On Fri, May 20, 2011 at 8:40 AM, David Dumortier d.dumortier@free.fr wrote:
With what command-line arguments/options (specifically, what values provided to -h option)?
cat /etc/default/slapd : SLAPD_SERVICES="ldapi:/// ldaps:///"
This enables only the SSL port (636); TLS on 389 isn't available.
Before doing this, did you verify that slapd is actually listening for ldaps on port 636?
I suspect you are running ldap:// on port 636.
ldapsearch -W -H ldap://myip:636/
ldap_result: Can't contact LDAP server (-1)
No, -H ldaps://myip:636/ (for SSL/ldaps).
ldapsearch -W -H ldaps://myip/
TLS: can't connect: Error in the push function..
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
No, this will connect on default port 389 with SSL/ldaps, which isn't what you want.
ldapsearch -ZZW -H ldaps://myip/
TLS: can't connect: Error in the push function..
ldap_start_tls: Can't contact LDAP server (-1)
additional info: Error in the push function.
No, you need to choose TLS (-Z) or SSL (-H ldaps://...), not both.
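
The listener/client mismatches discussed in this thread can be checked before running ldapsearch. The following Python check is an added example, not part of the original messages: the function names `listeners` and `check_client` are hypothetical, it assumes the standard default ports (389 for ldap://, 636 for ldaps://), and it only compares schemes and ports without opening a connection.

```python
from urllib.parse import urlsplit

# Assumption: standard default ports for the two TCP schemes.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def listeners(slapd_services):
    """Parse a SLAPD_SERVICES value into a set of (scheme, port) TCP listeners."""
    found = set()
    for uri in slapd_services.split():
        u = urlsplit(uri)
        if u.scheme in DEFAULT_PORT:  # ldapi:/// is a Unix socket, so skip it
            found.add((u.scheme, u.port or DEFAULT_PORT[u.scheme]))
    return found

def check_client(uri, starttls, slapd_services):
    """List the problems with `ldapsearch -H uri` (starttls=True means -Z/-ZZ)."""
    u = urlsplit(uri)
    if u.scheme not in DEFAULT_PORT:
        return [f"unsupported scheme {u.scheme!r}"]
    port = u.port or DEFAULT_PORT[u.scheme]
    problems = []
    if starttls and u.scheme == "ldaps":
        problems.append("StartTLS requested on an ldaps:// URI; choose one")
    served = {s for s, p in listeners(slapd_services) if p == port}
    if not served:
        problems.append(f"no listener on port {port}")
    elif u.scheme not in served:
        problems.append(f"port {port} serves {sorted(served)[0]}://, not {u.scheme}://")
    return problems

if __name__ == "__main__":
    services = "ldapi:/// ldaps:///"  # value quoted in the thread
    for uri, z in [("ldap://myip:636/", False), ("ldaps://myip:636/", False),
                   ("ldap://myip/", True), ("ldaps://myip/", True)]:
        print(uri, "-ZZ" if z else "", check_client(uri, z, services) or "ok")
```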