Ubuntu 12.04 LDAP SSL self-signed cert not accepted
The issue is that the version of GnuTLS that is shipped with Ubuntu 12.04 uses a defective crypto back-end.
GnuTLS was supposed to be switched from using gcrypt as the crypto back-end to nettle but there are licensing issues. Specifically some GPL licenses permit linking with newer or older versions of the GPL and some do not.
You can either rebuild GnuTLS from source configured with nettle or hack gcrypt the way Howard Chu suggested someplace. Instructions on the former are in this bug report.
https://bugs.launchpad.net/bugs/926350
Set the LDAPTLS_REQCERT
variable to never
to ignore the certificate on the server which could be expired or invalid i.e.:
LDAPTLS_REQCERT=never ldapsearch -D "cn=drupal-test,ou=Services,dc=example,dc=com" -w my_pass -h ldap.example.com -b "ou=People,dc=example,dc=com" -s sub -x -ZZ "(uid=admin)"
or check the server if it has the right certificate.