On Thu, Jul 24, 2008 at 03:14:33PM -0700, Howard Chu wrote:
> Just use -d1 on ldapsearch and you'll get the OpenSSL diagnostic messages.
Now we're getting somewhere!
It tells me:
TLS trace: SSL3 alert write:fatal:unknown CA
I'm using a self-signed certificate, and it worked just fine when this machine was a master LDAP server. I moved /var/lib/ldap, created a new /var/lib/ldap, added the syncrepl stuff, and started ldap. I've also recreated my certificate a couple of different ways... I'm not sure if this certificate needs to be 100% unique, or if the OU in the certificate needs to be the same as the OU in the cert on the master server, or ??? Neither worked, though.