Ubuntu 12.04 LDAP SSL self-signed cert not accepted
Set the LDAPTLS_REQCERT variable to never to ignore the certificate on the server, which could be expired or invalid, i.e.:
LDAPTLS_REQCERT=never ldapsearch -D "cn=drupal-test,ou=Services,dc=example,dc=com" -w my_pass -h ldap.example.com -b "ou=People,dc=example,dc=com" -s sub -x -ZZ "(uid=admin)"
or check whether the server has the right certificate.
On the client machine, where you are running ldapsearch, you must have this in the ldap.conf:
TLS_CACERT /etc/ssl/certs/cacert.crt
I've copied the path from your server configuration where you have stored the CA certificate. Copy the CA certificate from the server to the client at the same location as the path.
See here -- http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html
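The two client-side settings discussed in the answers above (the TLS_REQCERT level and the TLS_CACERT path) can be checked with a small script. This is an added example, not part of the original answers; the function name audit_ldap_tls and the choice to let the last occurrence of a keyword win are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original answers): audit the TLS settings an
# OpenLDAP client reads from ldap.conf. Prints one finding per line; returns 0
# only if the server certificate is verified and the TLS_CACERT file is usable.
# Only TLS_REQCERT and TLS_CACERT are examined (TLS_CACERTDIR is not checked).
audit_ldap_tls() {
    conf="$1"; reqcert=""; cacert=""; rc=0
    if [ ! -r "$conf" ]; then echo "FAIL: cannot read $conf"; return 2; fi
    # Keywords are case-insensitive; a commented-out keyword starts with '#'
    # and therefore never matches. The last occurrence of a keyword wins here.
    while read -r key val || [ -n "$key" ]; do
        case "$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')" in
            TLS_REQCERT) reqcert="$val" ;;
            TLS_CACERT)  cacert="$val" ;;
        esac
    done < "$conf"
    # LDAPTLS_REQCERT in the environment overrides the file setting.
    if [ -n "${LDAPTLS_REQCERT:-}" ]; then reqcert="$LDAPTLS_REQCERT"; fi
    # With nothing set, OpenLDAP defaults to demand.
    reqcert="$(printf '%s' "${reqcert:-demand}" | tr '[:upper:]' '[:lower:]')"
    case "$reqcert" in
        demand|hard) echo "OK: TLS_REQCERT=$reqcert, server certificate is verified" ;;
        never|allow|try) echo "FAIL: TLS_REQCERT=$reqcert does not fully enforce verification"; rc=1 ;;
        *) echo "FAIL: unrecognised TLS_REQCERT value '$reqcert'"; rc=1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "FAIL: TLS_CACERT is not set"; rc=1
    elif [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT file $cacert is missing or unreadable"; rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "FAIL: $cacert does not contain a PEM certificate"; rc=1
    else
        echo "OK: TLS_CACERT=$cacert"
    fi
    return "$rc"
}

# Usage: pass the client configuration file, e.g. /etc/ldap/ldap.conf
# (the usual location on Debian/Ubuntu).
if [ "$#" -gt 0 ]; then audit_ldap_tls "$1"; fi
```

A FAIL on TLS_REQCERT while LDAPTLS_REQCERT is exported in the shell means the override from a one-off test is still in effect for every LDAP client started from that session.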
Got this same problem; my failure reason was using LDAP on 12.04 (the slapd package is built with GnuTLS) together with my cert, which was created using openssl (with the CA.pl script).
Solution: Recreate the self-signed cert with certtool from GnuTLS; then my LDAP with TLS worked.