ldapsearch over SSL can not bind

Herbert J. Skuhra herbert at oslo.ath.cx
Tue Nov 3 06:50:09 UTC 2015

On Mon, Nov 02, 2015 at 05:22:14PM +0100, Matthias Apitz wrote:
> Hello,
> I'm trying to make from FreeBSD a LDAPsearch in some Novell eDirectory
> with the following command:
> $ ldapsearch -Z -H ldaps://romega:1027 -b 'ou=person,o=uni' -D 'cn=XXXXXXXXXX,ou=service,o=uni' -w XXXXXXXXXX
> ldap_start_tls: Can't contact LDAP server (-1)
> 	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Have you tried the TLS_ vars in ldap.conf(5); eg. TLS_CACERT,


More information about the freebsd-questions mailing list