tls issues with clients
I'm pretty confused, because my clients are set up with almost identical configs, and the server (localhost) and one of my client PCs can connect and use SSL (ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z), and it returns the correct results, and I can see it using TLS in the slapd log.
I copied the same configs to both boxes.
/etc/ldap.conf
----
#host heracross.corpedia.internal
base dc=corpedia,dc=internal
uri heracross.corpedia.internalheracross.corpedia.internal ldap://heracross.corpedia.internal/
binddn cn=root,dc=corpedia,dc=internal
bindpw *****************
scope sub
bind_policy hard
nss_base_passwd dc=corpedia,dc=internal?sub
nss_base_shadow dc=corpedia,dc=internal?sub
nss_base_group dc=corpedia,dc=internal?sub
pam_password md5
ssl yes
tls_cacertdir /etc/openldap/cacerts
-----
I see the following in my slapd error log as I connect as one of the nonworking boxes
root@kyle-laptop:/etc/ldap# ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z
ldap_start_tls: Can't contact LDAP server (-1)
ldap_bind: Can't contact LDAP server (-1)
-----
connection_get(14): got connid=25
connection_read(14): checking for input on id=25
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=25, closing
connection_closing: readying conn=25 sd=14 for close
connection_close: conn=25 sd=14
-----
Here is a nopaste link for my slapd.conf file
http://rafb.net/p/NHjV1a33.html
--
Kyle Corupe
Unix Administrator
Corpedia Corporation
2020 North Central Avenue, Suite 1050
Phoenix, Arizona 85004-4576
Desk:(602)443-2148
Cell: (623)261-2874
kcorupe@corpedia.com