Hi
On the LDAP server, I run the following commands and they are OK:
#ldapsearch -x -H ldap://ldap.server.com -ZZ
#ldapsearch -x -H ldap://ldap.server.com
But on my client, running "#ldapsearch -x -H ldap://ldap.server.com" is OK; running "#ldapsearch -x -H ldap://ldap.server.com -ZZ", I get the following error:
[root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
ldap_start_tls: Connect error (-11)
In the LDAP server log file, I get the following error messages:
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 ACCEPT from IP=192.168.9.9:45648 (IP=0.0.0.0:389)
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 STARTTLS
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 RESULT oid= err=0 text=
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 closed (TLS negotiation failure)
My client LDAP configuration:
/etc/openldap/ldap.conf file:
URI ldap://ldap.server.com/
BASE dc=server,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
SSL ON
TLS_REQCERT demand
/etc/ldap.conf file:
BASE dc=server,dc=com
URI ldap://ldap.server.com
SSL ON
TLS_CACERT /etc/openldap/cacert/ca.crt
TLS_REQCERT demand
Any suggestion what causes the TLS negotiation failure?
Thanks!
Tian Zhiying
openldap-technical@openldap.org
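Added example (my shell script, not part of the post or of OpenLDAP): it reads TLS_CACERT from each ldap.conf-style client file, checks that the CA file exists and is PEM, and reports when two client files disagree on the path. The two files and a placeholder CA are constructed in a temp directory, so it runs without touching /etc.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check TLS_CACERT in
# ldap.conf-style client files before blaming the server's TLS setup.
# Assumes the "KEY VALUE" one-directive-per-line format shown in the post.

# Print the TLS_CACERT value of a config file (keys are case-insensitive).
tls_cacert_path() {
    awk 'toupper($1) == "TLS_CACERT" { print $2; exit }' "$1"
}

# Succeed only if the config names a CA file that exists, is readable and
# looks like PEM; otherwise say which of those checks failed.
check_cacert() {
    conf=$1
    path=$(tls_cacert_path "$conf")
    [ -n "$path" ] || { echo "$conf: no TLS_CACERT directive"; return 1; }
    [ -r "$path" ] || { echo "$conf: TLS_CACERT $path is missing or unreadable"; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$path" || { echo "$conf: $path is not a PEM certificate"; return 1; }
    echo "$conf: TLS_CACERT $path looks usable"
}

# Two client files pointing at different CA paths explain "works in one
# tool, fails in another"; report when they disagree.
cacert_paths_agree() {
    a=$(tls_cacert_path "$1"); b=$(tls_cacert_path "$2")
    [ "$a" = "$b" ] && { echo "both files use $a"; return 0; }
    echo "TLS_CACERT differs: $1 -> $a, $2 -> $b"
    return 1
}

# Constructed scratch copy of the two files from the post (paths rewritten
# into a temp dir; the CA file is a placeholder PEM, not a real certificate).
setup_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/cacerts"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/cacerts/ca.crt"
    printf 'URI ldap://ldap.server.com/\nBASE dc=server,dc=com\nTLS_CACERT %s/cacerts/ca.crt\nTLS_REQCERT demand\n' "$d" > "$d/openldap-ldap.conf"
    printf 'BASE dc=server,dc=com\nURI ldap://ldap.server.com\nTLS_CACERT %s/cacert/ca.crt\nTLS_REQCERT demand\n' "$d" > "$d/etc-ldap.conf"
    echo "$d"
}

# Run all checks against the constructed files and clean up.
run_demo() {
    d=$(setup_demo)
    check_cacert "$d/openldap-ldap.conf" || :
    check_cacert "$d/etc-ldap.conf" || :
    cacert_paths_agree "$d/openldap-ldap.conf" "$d/etc-ldap.conf" || :
    rm -rf "$d"
}

run_demo
```

Point the two config arguments at the real /etc/openldap/ldap.conf and /etc/ldap.conf to run the same checks on a live client.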