On Mon, Jul 21, 2008 at 8:30 AM, John Oliver joliver@john-oliver.net wrote:
What can I do to troubleshoot this? OpenLDAP client says ldap_simple_bind: "Can't contact LDAP server" but it can resolve the name, ping the server, connect to port 636... and I have no details as to why it thinks it cannot contact the server. Many other clients authenticate to the same server, and I'm using the same ldap.conf, nsswitch.conf, and pam.d/system-auth files.
Apart from seeing configurations and command lines, I have found the full output of the openssl client to be useful for diagnosing my own ldaps issues:

    echo | openssl s_client -debug -showcerts -connect SERVER:636 2>&1 | tee /tmp/ssl.log
The openssl client connects to the server and negotiates SSL. Along the way it verifies the certificate path. If it encounters an error, it usually gives a useful error message.
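As an added example (not from this thread or from OpenLDAP/OpenSSL), a small POSIX shell script that reads the log the command above leaves in /tmp/ssl.log and separates "the connection never reached TLS" from "TLS came up but the certificate path failed to verify"; the function names are mine and the sample logs are constructed, not captured from a real server.

```shell
# Added example (not from the thread): summarise the log that
#   echo | openssl s_client -debug -showcerts -connect SERVER:636 2>&1 | tee /tmp/ssl.log
# leaves behind, so a vague "Can't contact LDAP server" can be split into
# "TCP/TLS never came up" versus "TLS came up but the chain did not verify".

# Numeric "Verify return code" from an s_client log; empty if the handshake
# never got that far (connection refused, TLS-level abort).
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Per-depth verification messages, which name the chain element that failed.
chain_errors() {
    grep -E '^(depth=[0-9]+ |verify error:)' "$1" || true
}

# Classify a log as "connect", "cert" or "ok".
classify() {
    code=$(verify_code "$1")
    if [ -z "$code" ]; then
        echo connect
    elif [ "$code" -eq 0 ]; then
        echo ok
    else
        echo cert
    fi
}

# Constructed sample logs (abridged to the lines the functions look at).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/refused.log" <<'EOF'
connect: Connection refused
connect:errno=111
EOF
cat > "$SAMPLE_DIR/untrusted.log" <<'EOF'
CONNECTED(00000003)
depth=1 O = Example Corp, CN = Example Internal CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
depth=0 CN = ldap.example.internal
verify return:1
    Verify return code: 19 (self signed certificate in certificate chain)
EOF

for f in refused untrusted; do
    printf '%s: %s\n' "$f" "$(classify "$SAMPLE_DIR/$f.log")"
done
chain_errors "$SAMPLE_DIR/untrusted.log"
```

Run it against the real /tmp/ssl.log by passing that path to classify and chain_errors; a "cert" result with a non-zero code means the server was reachable and the fix belongs in the CA trust settings (TLS_CACERT in ldap.conf), not in the network.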