Ubuntu 12.04 LDAP SSL self-signed cert not accepted

Set the LDAPTLS_REQCERT variable to never to ignore the certificate on the server, which could be expired or invalid, i.e.:

LDAPTLS_REQCERT=never ldapsearch -D "cn=drupal-test,ou=Services,dc=example,dc=com" -w my_pass -h ldap.example.com -b "ou=People,dc=example,dc=com" -s sub -x -ZZ "(uid=admin)"

or check whether the server has the right certificate.


On the client machine, where you are running ldapsearch, you must have the following in ldap.conf:

TLS_CACERT /etc/ssl/certs/cacert.crt

I've copied the path from your server configuration, where you have stored the CA certificate. Copy the CA certificate from the server to the client at the same path.

See here -- http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html
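The two answers above pull in opposite directions: LDAPTLS_REQCERT=never makes ldapsearch accept any certificate (fine for a one-off diagnosis, not for a deployed client), while TLS_CACERT is what makes verification actually succeed. As an added example, not from either answer, here is a small POSIX sh audit function that reads an ldap.conf (or ~/.ldaprc) and reports whether server-certificate verification is effective, taking into account that the LDAPTLS_REQCERT environment variable overrides the file and that "demand" is the default. The sample config files it builds are constructed for the demo.

```shell
# Audit an OpenLDAP client config for TLS verification settings.
# Semantics follow ldap.conf(5): keywords are case-insensitive, the last
# occurrence wins, LDAPTLS_REQCERT in the environment overrides the file,
# and the default when nothing is set is "demand".
# Returns 0 when verification is effective, 1 otherwise; prints the reason.
audit_ldap_tls() {
  conf="$1"
  file_reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=tolower($2)} END{print v}' "$conf")
  cacert=$(awk 'toupper($1)=="TLS_CACERT"{v=$2} END{print v}' "$conf")
  cadir=$(awk 'toupper($1)=="TLS_CACERTDIR"{v=$2} END{print v}' "$conf")
  # Environment beats the config file, exactly as in the ldapsearch one-liner.
  reqcert=$(printf '%s' "${LDAPTLS_REQCERT:-$file_reqcert}" | tr 'A-Z' 'a-z')
  reqcert="${reqcert:-demand}"
  case "$reqcert" in
    never|allow)
      echo "WEAK: TLS_REQCERT=$reqcert accepts any (or no) server certificate"
      return 1 ;;
    try)
      # "try" rejects a bad certificate but proceeds if none is presented.
      echo "WEAK: TLS_REQCERT=try proceeds when the server sends no certificate"
      return 1 ;;
    demand|hard) ;;
    *)
      echo "WEAK: unknown TLS_REQCERT value '$reqcert'"
      return 1 ;;
  esac
  # "demand" is only useful if there is a trust anchor to verify against.
  if [ -z "$cacert" ] && [ -z "$cadir" ]; then
    echo "WEAK: no TLS_CACERT/TLS_CACERTDIR, so there is no trust anchor"
    return 1
  fi
  if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
    echo "WEAK: TLS_CACERT $cacert is not readable on this client"
    return 1
  fi
  echo "OK: TLS_REQCERT=$reqcert with trust anchor ${cacert:-$cadir}"
  return 0
}

# Demo on constructed configs (hypothetical paths, created in a temp dir).
demo_dir=$(mktemp -d)
: > "$demo_dir/cacert.crt"                                   # stand-in CA file
printf 'TLS_REQCERT never\n' > "$demo_dir/weak.conf"
printf 'TLS_CACERT %s/cacert.crt\n' "$demo_dir" > "$demo_dir/ok.conf"
unset LDAPTLS_REQCERT
audit_ldap_tls "$demo_dir/weak.conf" || true
audit_ldap_tls "$demo_dir/ok.conf" || true
rm -rf "$demo_dir"
```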


I got this same problem; my failure reason was using LDAP on 12.04 (the slapd package is built with GnuTLS) together with my cert, which was created using openssl (with the CA.pl script).

Solution: Recreate the self-signed cert with certtool from GnuTLS; then my LDAP with TLS worked.