On Thu, 26 Sep 2013, Tian Zhiying wrote:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The ldapsearch(1) client on that host is unable to verify the certificate presented. See the ldap.conf(5) man page, focusing on the directives TLS_CA*.
Trying something like:
openssl s_client -connect 192.168.1.10:636 -CAfile /dev/null
and experimenting with appropriate values for "/dev/null" may be helpful.
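
The experiment suggested above can be scripted. This is an added example, not part of the original message: it tries each candidate CA file against a saved server certificate and prints the matching one as a TLS_CACERT line for ldap.conf(5). The function names, file names and the demo certificates are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example. Requires the openssl CLI (1.1.0 or later for -no-CApath).
# To test a live server, first save its certificate, for instance:
#   openssl s_client -connect 192.168.1.10:636 </dev/null | openssl x509 >server.pem

# find_ca CERT CA...: print the first CA file that verifies CERT; return 1 if none.
find_ca() {
    cert=$1; shift
    for ca in "$@"; do
        # -no-CApath keeps the system trust directory out of the check, so only
        # the candidate file is trusted. Match ": OK" instead of the exit status.
        if openssl verify -no-CApath -CAfile "$ca" "$cert" 2>/dev/null |
            grep -q ': OK$'; then
            printf '%s\n' "$ca"
            return 0
        fi
    done
    return 1
}

# make_demo_pki DIR: constructed sample data. Two unrelated self-signed CAs and
# one server certificate issued by the "right" one.
make_demo_pki() {
    d=$1
    for n in right wrong; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo $n CA" \
            -keyout "$d/$n-ca.key" -out "$d/$n-ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/right-ca.pem" \
        -CAkey "$d/right-ca.key" -CAcreateserial -days 1 \
        -out "$d/server.pem" 2>/dev/null
}

# demo: run the search over the constructed files and print the ldap.conf line.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    if found=$(find_ca "$tmp/server.pem" "$tmp/wrong-ca.pem" "$tmp/right-ca.pem"); then
        echo "TLS_CACERT $found"
    else
        echo "no candidate verifies the certificate" >&2
    fi
    rm -rf "$tmp"
}

demo
```

If the server's certificate was issued through an intermediate CA, the candidate file has to contain the whole chain up to the root for the check to pass.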