I'm having trouble figuring out a TLS fatal error. It seems that the certs are being read but a broken pipe appears suddenly (don't know exaclty what does it means).
$ ldapsearch -LLLxWD cn=manager,dc=example,dc=com -b dc=apsidis,dc=com -ZZ -d 3
ldap_start_tls: Connect error (-11)
additional info: A TLS fatal alert has been received.
Here's part of the debug output:
<Some certs info...>
...
tls_write: want=523, written=523
0000: 16 03 03 02 06 10 00 02 02 02 00 9e 22 0e d5 86 ............"...
0010: 69 a5 a2 29 f6 76 11 19 f6 2d db a9 e8 f5 27 26 i..).v...-....'&
0020: da 74 85 e4 22 92 50 37 ef e8 8b 31 6e 32 c6 84 .t..".P7...1n2..
0030: 2c 61 79 65 b0 56 9e bf 3e 97 3d 9a 6d 61 80 70 ,aye.V..>.=.ma.p
0040: f7 d9 dc 5f e6 40 f7 af 12 92 61 4f 56 fe 52 55 ..._.@....aOV.RU
0050: e0 3a 57 21 c4 d4 27 58 20 ba fb e2 74 9e f8 08 .:W!..'X ...t...
0060: ec 4b 2a b1 93 f1 06 e3 0b a8 d1 d1 b3 f8 e4 c4 .K*.............
0070: d4 b7 0a 22 7f a6 01 17 00 92 bb 12 99 68 2a 6f ...".........h*o
0080: 43 96 7d b1 da 80 fb 53 7e a4 71 40 51 50 46 5e C.}....S~.q@QPF^
0090: a8 09 fc ab e9 10 90 27 2f a5 46 16 41 45 1d 95 .......'/.
F.AE..
00a0: 0d f2 d4 a1 d7 62 40 dd ba 5e d2 7a 47 10 14 83 .....b@..^.zG...
00b0: 60 2f be 66 a8 a8 6e 82 1a bc 61 45 d7 6c c2 e5 `/.f..n...aE.l..
00c0: b3 07 b8 e1 6e a7 ca e1 22 50 79 5a 01 60 5f 0d ....n..."PyZ.`_.
00d0: ec f3 f5 a3 c2 f9 9d b1 52 cc 88 f9 65 de 74 58 ........R...e.tX
00e0: c1 b7 a8 e7 b7 c7 81 a0 8b ee 40 8c f3 a5 d2 b5 ..........@.....
00f0: 22 58 bd 87 d5 55 6e 32 a0 b5 2e 7a b7 a5 6b aa "X...Un2...z..k.
0100: 6f ab 32 37 bb bb f7 e5 ed 5c 79 16 93 94 ac 35 o.27.....\y....5
0110: 80 2b 9e d3 e6 c9 7e ef 3f 46 26 64 e4 40 ec f8 .+....~.?F&d.@..
0120: 69 30 3e c5 61 0e 06 3a 2b 88 72 ef df aa d0 50 i0>.a..:+.r....P
0130: b9 b0 8e 7b 0a e1 2a 61 6d d6 75 1a 2d 04 bf 8e ...{..*am.u.-...
0140: 5e 09 ee c0 c2 1e b1 e1 f8 29 78 0f 91 e7 49 1d ^........)x...I.
0150: 9e bf a9 98 31 bc af d6 02 19 f9 3b 5e d2 0f 5e ....1......;^..^
0160: 29 c2 ba 00 7c 52 d5 d6 33 59 4c 16 91 a8 9c 6d )...|R..3YL....m
0170: b6 9c 47 51 97 5a d9 ab 14 9b ba 0a a7 08 36 90 ..GQ.Z........6.
0180: 2f a8 33 0e 27 79 93 02 8f 91 46 92 da 5b e6 7e /.3.'y....F..[.~
0190: db 7a 3a b0 3c c5 c9 98 f4 0a 86 44 94 03 66 d8 .z:.<......D..f.
01a0: b0 36 6e 59 ef 4d c5 03 e3 34 50 be c5 8d 43 e0 .6nY.M...4P...C.
01b0: ba 25 9d b4 74 52 15 5e bc 7c b1 3c 59 3d b7 a2 .%..tR.^.|.<Y=..
01c0: 9a a0 82 d6 8a 83 8f cd b9 39 89 15 e9 f8 35 80 .........9....5.
01d0: 12 65 d3 1e 78 bb 10 d9 a7 0d 43 92 f5 de 01 52 .e..x.....C....R
01e0: be 55 c8 5c 30 93 21 d2 5e d8 87 a0 f0 5e 57 1a .U.\0.!.^....^W.
01f0: 11 c1 04 c7 70 33 01 8f cc 81 58 b4 4d 4c d2 b2 ....p3....
X.ML..
0200: ff 6a ba 80 e5 c3 18 29 5d c8 5e .j.....)].^
tls_write: want=269 error=Broken pipe
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 47 bytes to sd 3
tls_write: want=269 error=Broken pipe
ldap_write: want=47 error=Broken pipe
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 0 0
ldap_free_connection: refcnt 1
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_write: want=7 error=Broken pipe
ldap_free_connection: actually freed
$