RE: Debugging TLS negotiation failure

11 May 2023


      ...
-----Original Message-----
From: terry.lemons@dell.com terry.lemons@dell.com
Sent: Thursday, May 11, 2023 1:10 PM
To: openldap-technical@openldap.org
Subject: Re: Debugging TLS negotiation failure
I'm using a self-signed server certificate, so no CA should be involved. Not
sure if that is causing the problem?
Try prepending to your ldapsearch:
"LDAPTLS_REQCERT=allow ldapsearch ..."
I have also noticed that the errors returned when using StartTLS (TCP/389 "ldap://" prefix URIs) are more informative than when using (non-protocol but widely supported) TCP/636 "ldaps://".
Chris Paul | Rex Consulting | https://www.rexconsulting.net

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

RE: Debugging TLS negotiation failure