Error added: 2011-09-05T16:27:46Z
Use certutil for all cert operations.
Oct 27: My slapd config works without tls. With tls, I get the "do_start_tls failed:stat=-1" in /var/log/messages. My ldap.conf includes tls_start [port 389 /not ssl:636] and a tls_cacert, with a valid cert, made by the procedure in www.openldap.org/faq/data/cache/185.html. Ldapsearch works on my client. If I change anything in the certificate, ldapsearch fails. I think I have this set up correctly. I have read and re-read the openldap 2.4 administrators guide, and reviewed and used a number of different strategies and technical details to fix this. I am an ldap newbie; I am probably overlooking some design intrinsic that I have no knowledge of and that is not documented in the admin guide. Write me if you need more detail. I have been on this for more than a month. Drop me a line with any ideas for debugging or getting more info. tob jtobin@po-box.esu.edu
It seems to me that the interface is not yet up when nss tries to connect. Try setting a higher number for the nss_reconnect_tries option in ldap.conf.