Message: 12 Date: Thu, 26 Sep 2013 16:35:38 +0800 From: "Tian Zhiying" tianzy1225@thundersoft.com To: openldap-technical openldap-technical@openldap.org Cc: tianzy1225 tianzy1225@thundersoft.com Subject: Other system use port 636 connect LDAP Server Error Message-ID: 2013092616353831259123@thundersoft.com Content-Type: text/plain; charset="us-ascii"

Hi

In ldap server(localhost) , I execute the below command , it ok. # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W

But in other linux system is not ok, below is the error info: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W ldap_bind: Can't contact LDAP server (-1) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

LDAP Server is Centos 5.8 64 OS, iptables serverice is closed state. What is the cause?

You have any Suggestions? Thanks.

Because the telnet test worked then I would look at your client config files on that hosts in addition to seeing if the file size/permission of the cert matches the size on the other client that is working. Also try ldapsearch -x -d 1 and see what the output shows.