ldapsearch does not work from server

  • 7015423
  • 24-Jul-2014
  • 08-Aug-2014

Environment

Novell Open Enterprise Server 11 (OES 11) Linux
NetIQ eDirectory

Situation

ldapsearch doesn't work
cannot do a secure ldap bind
ldap search works from other servers
cannot contact ldap server
TLS accept failure

Resolution

One server cannot do an LDAP search with a secure bind, but the same ldapsearch command works from another server.
 
To resolve:
  1. Edit /etc/ldap.conf so that it shows only default settings
  2. Edit /etc/openldap/ldap.conf and add TLS_REQCERT ALLOW
  3. Save the setting in /etc/openldap/ldap.conf
  4. Restart LDAP on the server: unload it with nldap -u, then load it again with nldap -l

Cause

An LDAP trace shows a TLS accept failure error coming from the server itself, but other servers do not have that error. With TLS_REQCERT set to ALLOW, the OpenLDAP client on the server continues with the secure connection even when the server's certificate is missing or fails verification.
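
A check for the setting changed in step 2, as an added example (not Novell's or NetIQ's code): it reports whether an OpenLDAP client configuration file still enforces server-certificate verification. The keyword meanings and the "demand" default are taken from ldap.conf(5); the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective TLS_REQCERT level of an OpenLDAP client
# config file. With no directive present, the client default is "demand".

reqcert_level() {
    # Print the value of the last TLS_REQCERT directive in file $1, lowercased.
    # Lines starting with '#' are comments; the keyword is case-insensitive.
    awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "TLS_REQCERT" && NF >= 2 { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

reqcert_verdict() {
    # Classify the level by whether a bad server certificate stops the session.
    case "$(reqcert_level "$1")" in
        demand|hard) echo "enforced" ;;
        try)         echo "partial" ;;       # bad cert rejected, missing cert accepted
        allow|never) echo "not-enforced" ;;  # session proceeds regardless
        *)           echo "unknown" ;;
    esac
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/relaxed.conf" <<'EOF'
# constructed sample: the setting from step 2
URI ldaps://ldap.example.com
TLS_REQCERT ALLOW
EOF

cat > "$SAMPLE_DIR/default.conf" <<'EOF'
# constructed sample: no active TLS_REQCERT line
URI ldaps://ldap.example.com
#TLS_REQCERT never
EOF

for f in "$SAMPLE_DIR"/*.conf; do
    printf '%s: level=%s verdict=%s\n' \
        "$(basename "$f")" "$(reqcert_level "$f")" "$(reqcert_verdict "$f")"
done
```

On a real host, point the functions at /etc/openldap/ldap.conf; per-user ldaprc files and the LDAPTLS_REQCERT environment variable can override the system file and are not inspected here.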