>Message: 12
>Date: Thu, 26 Sep 2013 16:35:38 +0800
>From: "Tian Zhiying" <[email protected]>
>To: openldap-technical <[email protected]>
>Cc: tianzy1225 <[email protected]>
>Subject: Other system use port 636 connect LDAP Server Error
>Message-ID: <[email protected]>
>Content-Type: text/plain; charset="us-ascii"

>Hi

>On the LDAP server (localhost), I execute the command below, and it is OK.
># ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D 
>"cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W

>But on another Linux system it is not OK; below is the error info:
># ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D 
>"cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
>ldap_bind: Can't contact LDAP server (-1)
>        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

>The LDAP server is CentOS 5.8 64 OS, and the iptables service is in the closed state. What is
>the cause?

>Do you have any suggestions?  Thanks.


Because the telnet test worked, I would look at your client config files on
that host, in addition to seeing if the file size/permission of the cert
matches the size on the other client that is working. Also try ldapsearch -x -d
1 and see what the output shows.
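
One way to carry out the client-side check suggested in the reply above, as an added example that is not part of the original thread: it reads the `TLS_CACERT`, `TLS_CACERTDIR` and `TLS_REQCERT` options from an OpenLDAP client config file and reports whether the CA file is present, readable and PEM, with a checksum and size to compare against the working client. The function names are hypothetical and the config path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the CA settings an OpenLDAP
# client config gives ldapsearch for verifying the server certificate.
# Usage after sourcing this file (path is an assumption, varies by distro):
#   check_ldap_tls /etc/openldap/ldap.conf

# Print the value of option $2 in config file $1. Option names are matched
# case-insensitively; if the option is repeated, the last line is reported.
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# Returns 0 if TLS_CACERT names a readable PEM file, 1 if it is unusable,
# 2 if TLS_CACERT is not set in this file.
check_ldap_tls() {
    conf=$1
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    cadir=$(ldap_conf_get "$conf" TLS_CACERTDIR)
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT)
    echo "TLS_CACERT=${cacert:-<unset>} TLS_CACERTDIR=${cadir:-<unset>} TLS_REQCERT=${reqcert:-<unset>}"
    case "$reqcert" in
        never|allow) echo "WARN: TLS_REQCERT=$reqcert does not enforce verification" ;;
    esac
    [ -n "$cacert" ] || { echo "NOTE: TLS_CACERT not set in $conf"; return 2; }
    [ -f "$cacert" ] || { echo "FAIL: $cacert does not exist"; return 1; }
    [ -r "$cacert" ] || { echo "FAIL: $cacert not readable by $(id -un)"; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$cacert" || { echo "FAIL: no PEM certificate in $cacert"; return 1; }
    # Checksum and size let you compare this file with the copy on a working client.
    set -- $(cksum < "$cacert")
    echo "OK: $cacert crc=$1 size=$2"
}
```

Run it on both the working and the failing client and compare the two reports line by line.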
