OK. I got it working. I had to add TLS_REQCERT never in ldap.conf

--
Ashwin kumar
(http://ashwinkumar.me)

On Wed, May 15, 2013 at 1:07 PM, Ashwin Kumar <ashwinkumar...@gmail.com> wrote:

> I am using Apache Directory Studio and I have set up the server to run
> securely on SSL.
> This guide helped me getting it working:
> http://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html
>
> However, when I do use command line tools (ldapsearch)
> I end up with:
> "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
>
> Enabling the debug logging for ldapsearch, I end up with
> "TLS certificate verification: Error, self signed certificate"
>
> C:\Users\Ashwin>ldapsearch -x -H ldaps://localhost:10636 -d 1
> ldap_url_parse_ext(ldaps://localhost:10636)
> ldap_create
> ldap_url_parse_ext(ldaps://localhost:10636/??base)
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:10636
> ldap_new_socket: 472
> ldap_prepare_socket: 472
> ldap_connect_to_host: Trying ::1 10636
> ldap_pvt_connect: fd: 472 tm: -1 async: 0
> attempting to connect:
> connect errno: 10061
> ldap_close_socket: 472
> ldap_new_socket: 472
> ldap_prepare_socket: 472
> ldap_connect_to_host: Trying 127.0.0.1:10636
> ldap_pvt_connect: fd: 472 tm: -1 async: 0
> attempting to connect:
> connect success
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:SSLv2/v3 write client hello A
> TLS trace: SSL_connect:SSLv3 read server hello A
> TLS certificate verification: depth: 0, err: 18, subject:
> /C=US/O=ASF/OU=ApacheD
> S/CN=zanzibar, issuer: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar
> TLS certificate verification: Error, self signed certificate
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:cert
> ificate verify failed (self signed certificate).
> ldap_err2string
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> How do I get this working? Am I missing something?
>
> --
> Ashwin kumar
> (http://ashwinkumar.me)
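
An added example, not part of the original post: a small Python check that reads an ldap.conf and the certificate-verification lines of an `ldapsearch -d 1` trace, then reports what the `TLS_REQCERT never` workaround switches off and what would have to hold for verification to stay on. The function names and finding codes are hypothetical, the inputs are constructed from the thread, and the name check compares the certificate CN only, because the trace does not show any subjectAltName.

```python
import re
from urllib.parse import urlparse

# Constructed inputs modelled on the thread: the ldap.conf workaround and the
# verification lines of the ldapsearch -d 1 trace (console wrapping undone).
LDAP_CONF = "# OpenLDAP client settings\nTLS_REQCERT never\n"
TRACE = (
    "TLS certificate verification: depth: 0, err: 18, subject: "
    "/C=US/O=ASF/OU=ApacheDS/CN=zanzibar, issuer: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar\n"
    "TLS certificate verification: Error, self signed certificate\n"
)

def parse_ldap_conf(text):
    """Map OPTION -> value; keywords are case-insensitive, '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(None, 1)
            opts[fields[0].upper()] = fields[1] if len(fields) > 1 else ""
    return opts

def audit(conf_text, trace_text, url):
    """Return (code, message) findings for the client config and the failed handshake."""
    findings = []
    opts = parse_ldap_conf(conf_text)
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # libldap default is demand
    if reqcert in ("never", "allow"):
        findings.append(("VERIFY_OFF", f"TLS_REQCERT {reqcert} accepts any server certificate"))
    if not any(k in opts for k in ("TLS_CACERT", "TLS_CACERTDIR")):
        findings.append(("NO_TRUST_ANCHOR", "no TLS_CACERT/TLS_CACERTDIR is set"))
    m = re.search(r"err: (\d+), subject: (\S+), issuer: (\S+)", trace_text)
    if m:
        err, subject, issuer = m.groups()
        if err == "18" and subject == issuer:  # 18: depth-zero self-signed certificate
            findings.append(("SELF_SIGNED", "export this certificate and name it in TLS_CACERT"))
        cn = re.search(r"/CN=([^/]+)", subject)  # assumption: CN only, no subjectAltName data
        host = urlparse(url).hostname
        if cn and cn.group(1).lower() != host:
            findings.append(("NAME_MISMATCH", f"certificate CN={cn.group(1)} but URL host is {host}"))
    return findings

if __name__ == "__main__":
    for code, message in audit(LDAP_CONF, TRACE, "ldaps://localhost:10636"):
        print(f"{code}: {message}")
```

With `TLS_REQCERT demand` and `TLS_CACERT` pointing at the exported ApacheDS certificate, the first three findings clear; the name mismatch clears only when the client connects by a host name the certificate carries.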