-----Original Message-----
From: terry.lemons@dell.com <terry.lemons@dell.com>
Sent: Thursday, May 11, 2023 1:10 PM
To: openldap-technical@openldap.org
Subject: Re: Debugging TLS negotiation failure

I'm using a self-signed server certificate, so no CA should be involved. Not sure if that is causing the problem?
Try prepending to your ldapsearch:
"LDAPTLS_REQCERT=allow ldapsearch ..."
I have also noticed that the errors returned when using StartTLS (TCP/389 "ldap://" prefix URIs) are more informative than when using (non-protocol but widely supported) TCP/636 "ldaps://".
Chris Paul | Rex Consulting | https://www.rexconsulting.net
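
Added example, not part of the original message: with LDAPTLS_REQCERT=allow the session proceeds even when the server certificate cannot be verified, so it suits diagnosis; the script below shows the check that replaces it, treating the self-signed certificate as its own trust anchor (what LDAPTLS_CACERT does for ldapsearch). The host name ldap.example.test, the file names and the function names are assumptions, and the certificate is generated on the spot.

```bash
#!/usr/bin/env bash
# Added example, constructed: every file name and host name is an assumption.

# make_selfsigned DIR HOST: throwaway self-signed server certificate for HOST.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# verify_unpinned CERT: verify with no trust anchors at all. A self-signed
# certificate is rejected here because nothing vouches for it.
verify_unpinned() {
    openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
}

# verify_pinned CERT HOST: trust exactly this certificate as the anchor and
# also require that it names HOST.
verify_pinned() {
    openssl verify -no-CApath -CAfile "$1" -verify_hostname "$2" "$1" \
        >/dev/null 2>&1
}

# demo: run the three checks against a freshly generated certificate.
demo() {
    local dir host=ldap.example.test   # constructed host name
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" "$host" || return 1
    if verify_unpinned "$dir/cert.pem"; then echo "no anchor: accepted"
    else echo "no anchor: rejected"; fi
    if verify_pinned "$dir/cert.pem" "$host"; then echo "pinned: accepted"
    else echo "pinned: rejected"; fi
    if verify_pinned "$dir/cert.pem" wrong.example.test; then
        echo "pinned, wrong name: accepted"
    else echo "pinned, wrong name: rejected"; fi
    # ldapsearch form of the pinned check, using StartTLS on TCP/389:
    #   LDAPTLS_CACERT=$dir/cert.pem ldapsearch -ZZ -H ldap://$host ...
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the three results; it needs an OpenSSL new enough to support `-addext` (1.1.1 or later).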