Am Mon, 2 Nov 2015 17:28:06 +0100
schrieb Matthias Apitz <guru@unixarea.de>:
Hello,
I'm trying to make from FreeBSD a LDAPsearch in some Novell eDirectory
with the following command:
$ ldapsearch -Z -H ldaps://romega:1027 -b 'ou=person,o=uni' -D
[...]
Quite obvious, you initiated startTLS AND ldaps. To my knowledge,
edirectory does not support startTLS, so just omit -Z.
$ ldapsearch -Z -H ldaps://romega:1027 -b 'ou=person,o=uni' -D 'cn=XXXXXXXXXX,ou=service,o=uni' -w XXXXXXXXXX
ldap_start_tls: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)