All,

Very similar issue that Warron was/is having.

Server1: # ldapsearch -W -x -ZZ -b cn=config -v -D cn=admin,cn=config

Server1: # ldapsearch -W -x -ZZ -H ldap://server2.example.ldap -b cn=config -v -D cn=admin,cn=config

These commands work (they return the dbase as expected & desired); both servers are clients to themselves and the other server (using self-signed wildcard certificates).

Both ldap.confs are identical; the one on server1 was used on server2. The URI directive looks like:

uri ldap://server1.example.ldap ldap://server1.<FQDN> ldap://server2.example.ldap ldap://server2.<FQDN>

Server2:

a) # ldapsearch -W -x -ZZ -b cn=config -v -D cn=admin,cn=config

   Fails with:

   ldap_initialize( <DEFAULT> )
   ldap_start_tls: Connect error (-11)

b) # ldapsearch -W -x -ZZ -H ldap://server2.example.ldap -b cn=config -v -D cn=admin,cn=config

   ldap_initialize( ldap://server2.example.ldap:389/??base )
   ldap_start_tls: Connect error (-11)

c) # ldapsearch -W -x -ZZ -h ldap://server1.example.ldap -b cn=config -v -D cn=admin,cn=config

   ldap_initialize( ldap://ldap:%2F%2Fserver1.example.ldap)
   Could not create LDAP session handle for URI=ldap://ldap:%2F%2Fgp42-admin4.llan.ll.mit.edu (-9): Bad parameter to an ldap routine

There is one other client that, like server1, can search the dbase(s) on both servers (it too is a client of both servers).

Any ideas on what to look for?

Thanks in advance

John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Surveillance Systems Group
244 Wood St
Lexington, MA 02420
Ph: (781) 981-1609
Email: john.borresen@ll.mit.edu