I'm pretty confused, because my clients are set up with almost identical configs, and the server (localhost) and one of my client PCs can connect and use SSL (ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z), and it returns the correct results, and I can see it using TLS in the slapd log.
I copied the same configs to both boxes.
/etc/ldap.conf
----
#host heracross.corpedia.internal
base dc=corpedia,dc=internal
uri heracross.corpedia.internalheracross.corpedia.internal ldap://heracross.corpedia.internal/
binddn cn=root,dc=corpedia,dc=internal
bindpw *****************
scope sub
bind_policy hard
nss_base_passwd dc=corpedia,dc=internal?sub
nss_base_shadow dc=corpedia,dc=internal?sub
nss_base_group dc=corpedia,dc=internal?sub
pam_password md5
ssl yes
tls_cacertdir /etc/openldap/cacerts
-----
I see the following in my slapd error log as I connect from one of the nonworking boxes:
root@kyle-laptop:/etc/ldap# ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z
ldap_start_tls: Can't contact LDAP server (-1)
ldap_bind: Can't contact LDAP server (-1)
-----
connection_get(14): got connid=25
connection_read(14): checking for input on id=25
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=25, closing
connection_closing: readying conn=25 sd=14 for close
connection_close: conn=25 sd=14
-----
Here is a nopaste link for my slapd.conf file:
http://rafb.net/p/NHjV1a33.html
--
Kyle Corupe
Unix Administrator
Corpedia Corporation
2020 North Central Avenue, Suite 1050
Phoenix, Arizona 85004-4576
Desk:(602)443-2148
Cell: (623)261-2874
kcorupe@corpedia.com
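
When one ldap.conf is copied to several clients, each client can be checked locally before looking at slapd. The following is an added example, not part of the original message: it parses a file in the keyword/value format shown above and flags uri entries that lack a scheme and a tls_cacertdir that does not exist on that host. The sample config, host name and CA path are constructed, and the function names are hypothetical.

```python
import os

SCHEMES = ("ldap://", "ldaps://", "ldapi://")

# Constructed sample in the same keyword/value layout as the ldap.conf above;
# the host name and CA path are placeholders.
SAMPLE = """\
#host ldap.example.internal
base dc=example,dc=internal
uri ldap.example.internal ldap://ldap.example.internal/
ssl yes
tls_cacertdir /nonexistent/cacerts
"""

def parse(text):
    """Return {keyword: value}, skipping blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def lint(conf, is_dir=os.path.isdir):
    """Return a list of findings for the TLS-related settings."""
    findings = []
    # Every whitespace-separated uri entry must carry an LDAP URL scheme.
    for entry in conf.get("uri", "").split():
        if not entry.lower().startswith(SCHEMES):
            findings.append(f"uri entry has no ldap/ldaps/ldapi scheme: {entry}")
    # Treat any ssl value other than an explicit "off" as a request for TLS.
    tls_on = conf.get("ssl", "no").lower() not in ("no", "off", "false")
    cadir = conf.get("tls_cacertdir")
    if tls_on and not (cadir or conf.get("tls_cacertfile")):
        findings.append("ssl is enabled but no tls_cacertdir/tls_cacertfile is set")
    # A copied config may name a CA directory that only exists on another host.
    if cadir and not is_dir(cadir):
        findings.append(f"tls_cacertdir does not exist on this host: {cadir}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE)):
        print("WARN:", finding)
```

To check a real client, pass the contents of its own /etc/ldap.conf to `parse()` in place of `SAMPLE`.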