> -----Original Message-----
> From: terry.lem...@dell.com <terry.lem...@dell.com>
> Sent: Thursday, May 11, 2023 1:10 PM
> To: openldap-technical@openldap.org
> Subject: Re: Debugging TLS negotiation failure
>
> I'm using a self-signed server certificate, so no CA should be involved. Not
> sure if that is causing the problem?

Try prepending to your ldapsearch: "LDAPTLS_REQCERT=allow ldapsearch ..."

I have also noticed that the errors returned when using StartTLS (TCP/389 "ldap://" prefix URIs) are more informative than when using (non-protocol but widely supported) TCP/636 "ldaps://".

Chris Paul | Rex Consulting | https://www.rexconsulting.net