Buchan Milne wrote:
On Thursday 21 February 2008 00:07:28 Mathis, Jim wrote:
OS: RH Enterprise Server 5.1
Server Certificates: Created using a Common Name of "S80.com"
Client Certificate: Copied "cacert.pem" from the server and placed into "/etc/openldap/cacerts/"
uri ldaps://192.168.10.1/
CLIENT /ETC/OPENLDAP/LDAP.CONF
URI ldaps://192.168.10.1/
[...]
ldapsearch -x 'uid=jmathis' -H ldaps://192.168.10.1
ldap_bind: Can't contact LDAP server (-1)
The basic rules for SSL validation include "host name you connect to must match subject CN", so, if 192.168.10.1 is S80.com, then -H ldaps://S80.com should work ... but I guess it isn't, so you need to generate a new cert with the name your clients connect to (hostname part of URI).
Please remember to use the "-d" debug flag when investigating problems like this. There's a reason it's there.
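
The name check discussed in this thread, as an added example that is not part of the original messages: it builds a constructed throwaway certificate with CN "S80.com" (standing in for the server's certificate) and uses the `openssl x509` options `-checkhost` and `-checkip` to test it against the host part of each URI. The function names are hypothetical, and only DNS names and IPv4 literals are handled.

```shell
#!/bin/sh
# Constructed stand-in for the server certificate in the thread: a throwaway
# self-signed cert whose only name is the subject CN "S80.com" (no subjectAltName).
make_sample_cert() {
    # $1 = output directory; writes key.pem and cert.pem there
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=S80.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Print the host part of an ldap:// or ldaps:// URI (scheme, port, path removed).
uri_host() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    printf '%s\n' "$h"
}

# check_uri_against_cert CERT URI
# Returns 0 if the URI host matches the certificate, 1 if it does not,
# 2 if the check could not be performed.
check_uri_against_cert() {
    host=$(uri_host "$2")
    [ -n "$host" ] || return 2
    case $host in
        *[!0-9.]*) flag=-checkhost ;;  # contains a non-digit: treat as DNS name
        *)         flag=-checkip ;;    # dotted quad: needs an iPAddress SAN
    esac
    out=$(openssl x509 -in "$1" -noout "$flag" "$host" 2>/dev/null)
    printf '%s: %s\n' "$2" "$out"
    case $out in
        *"does NOT match"*) return 1 ;;
        *"does match"*)     return 0 ;;
        *)                  return 2 ;;
    esac
}

# Demo with the two URIs from the thread.
demo_dir=$(mktemp -d) && make_sample_cert "$demo_dir"
for u in ldaps://S80.com/ ldaps://192.168.10.1/; do
    check_uri_against_cert "$demo_dir/cert.pem" "$u" || true
done
rm -rf "$demo_dir"
```

To test a real server certificate, pass its PEM file as the first argument instead of the constructed one.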