I posted this a week or more ago, but had to leave town and was not able to follow up.
Don't know what I'm doing wrong with this one server, wondering if someone could tell me what I am not thinking of...

I have two clients on the same network trying to connect to an off-network server using TLS. Running the same command on both is successful on one and not on the other. So, I copied the ldap.conf file AND the cacert.pem file to the problem client with no help. I tried the -ZZ and '-H ldaps://servername:636/' options; while these work flawlessly from one client, the second cannot connect using the exact same command with the exact same CA cert and ldap.conf files. Accessing the ldap server without TLS works fine on both clients. Clients are FreeBSD 5.4 and FreeBSD 6.0 servers with openldap 2.2.30 client port packages installed.

If the CA cert and ldap.conf have been tested to work OK, what else should I be considering when trying to connect via TLS? I get no issues in the debug.log of the server or client machine.

From client one:

genoa# ldapsearch -xZZ -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_start_tls: Connect error (-11)
genoa# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_bind: Can't contact LDAP server (-1)
genoa# ldapsearch -x -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
# extended LDIF
#
# LDAPv3
# base <dc=webtent,dc=net> with scope sub
# filter: (uid=robert)
# requesting: mail
#

# Robert Fitzpatrick, People, webtent.net
dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
mail: [EMAIL PROTECTED]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

From client two:

esmtp# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
# extended LDIF
#
# LDAPv3
# base <dc=webtent,dc=net> with scope sub
# filter: (uid=robert)
# requesting: mail
#

# Robert Fitzpatrick, People, webtent.net
dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
mail: [EMAIL PROTECTED]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

--
Robert
