ldap_result: Can't contact LDAP server (-1)

ssl ssl-certificate ldap openldap

Solution 1:

STARTTLS means "explicit TLS" where the connection is established on regular port and then STARTTLS command is sent to initiate SSL handshake and switch to protection mode.

To connect try add -Z or -ZZ switch to ldapsearch:

ldapsearch -x -d 1 -ZZ

is to get the client to use starttls

I am afraid OpenSSL does not support starttls for LDAP protocol now (see man page man s_client about -starttls parameter)

Solution 2:

Just to be clear about it: Did you configure the TLS usage in the OpenLDAP server?

You still need to set a few parameters. For reference, please check http://www.openldap.org/doc/admin24/tls.html#Server%20Configuration

From my understanding your client connects to the LDAP machine, but the LDAP machine does not know which certificate to deliver to the client.

Could you please verify or falsify my guess?

Related

SAN array storage not accessible
How to show which image a GCE VM was created from?
docker run attempts to mount a file I didn't ask for
How to connect an isolated node to a public node via SSH tunnel
How to connect an existing phone-line to asterisk server
How is priority determined in /etc/hosts?
CentOS, OpenSSH, PCI, CVE-2016-10009
How to install Microsoft Edge browser on Windows 10 Enterprise LTSB
How to connect networks from different projects, VPC peering analogue
Network Drive attached as SCSI Dropping the W/R speed on bigger files
Centos 7 Router & firewalld
ZFS Shares not exported until sharenfs property re-set on Ubuntu 16.04