ok so I've learned a little bit more about ldapsearch
on the server running TLS I can use the -ZZ directive and connect
then next thing I did was to try and connect from a different machine
using -ZZ with this command
ldapsearch -ZZ -x -h serveraddress -v -b
'uid=tester,ou=People,dc=test,dc=com' this results in the following output
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ok fine, that is correct, it does not have the CA cert to use, I tried to
copy the CAcert from the Ldap server but I still get the same error