Hi all!
I have a TDS (Tivoli Directory Server) in one of my servers, every time i need to query it i need to go to another server and do it, i'd like to be able to query from my machine, but i can't using openldap, do you guys have a hint/idea/clue??

i use this from another server

idsldapsearch -h ldapserver.homeluna.org -Z -K /opt/PolicyDirector/ssl/homeluna.kdb -P passw0rd -b "" -s base objectclass=*

btw, My servers only accepts SSL conections.

btw, i put the following values inside /etc/openldap/ldap.conf without succeed.

#
# LDAP Defaults
#
BASE l=world
URI ldap://ldapserver.homeluna.org ldap://ldapserver.homeluna.org:636
PORT 636

TLS_CACERT /home/alexrl/Desktop/ldapserver.homeluna.org.cer
TLS_REQCERT demand

alexrl@localhost ~ $ ldapsearch -v -H ldaps://ldapserver.homeluna.org -Dcn=root -w passw0rd -bl=world uid=alex*
ldap_initialize( ldaps://ldapserver.homeluna.org:636/??base )
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Are you using a self signed cert? If not you may need to make sure the client trusts the cert, or at least doesn't care.

Side note, is the computer you're using a full desktop? If you have a GUI, download and install Apache Directory Studio. I use it at work to manage our linux LDAP environment. Not that you shouldn't learn the CLI

It's working now, i did a change in ldap.conf and now i'm able to query my LDAP server using ssl.

cat /etc/openldap/ldap.conf

BASE l=world
URI ldap://ldapserver.homeluna.org ldap://ldapserver.homeluna.org:636
#HOST ldapserver.homeluna.org
PORT 636
#
TLS_CACERT /home/alexrl/Desktop/www-wi-ait-ldr.cer
TLS_REQCERT allow
#TLS_REQCERT demand
#Setting TLS_REQCERT to allow does the following: If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

alexrl@localhost $ ~/Desktop $ ldapsearch -v -H ldaps://ldapserver.homeluna.org -Dcn=root -wpassw0rd -bl=world uid=alex* | more
ldap_initialize( ldaps://ldapserver.homeluna.org:636/??base )
filter: uid=alex*