LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
    -   Ubuntu OpenLDAP self-signed cert woes (https://www.linuxquestions.org/questions/linux-server-73/ubuntu-openldap-self-signed-cert-woes-4175507678/)

hippie131 06-11-2014 12:45 AM

Ubuntu OpenLDAP self-signed cert woes
 
So I have my openldap server working perfectly without TLS. Running Ubuntu 12.04.4 and OpenLDAP 2.4. I have built my own CA and created a cert for the server as well. After adding my certs with the proper ldif file it still will not trust my certs.

I ran "ldapsearch -x -H ldap://Domain.Name/ -ZZ -d -1"

and it spit this out, making me think it's a trust issue:

TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)

I googled my head off trying to find a solution but all of the guides say to edit the server's ldap.conf file which doesn't exist on my server. I literally tried to "locate ldap.conf" and got nothing.

I've also tried importing my CA cert into ubuntu's root cert store which didn't work.

Anybody got any ideas?

hippie131 06-11-2014 02:18 AM

Turns out I needed to just manually make the /etc/ldap/ldap.conf file and put this in it:

TLS_CACERT /etc/ldap/ssl/ca.crt
TLS_REQCERT demand

after that my queries now work. It still fails for other applications like owncloud and squid.
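The two lines above are the whole fix: "peer cert untrusted or revoked (0x42)" means libldap could not chain the server's certificate to any CA it trusts, and TLS_CACERT tells it which CA to trust. The second line matters just as much: TLS_REQCERT demand (the default when the keyword is absent) makes the client refuse an unverifiable server certificate, whereas "never" or "allow" would also make the error disappear but by skipping verification entirely. The script below is an added example, not the poster's code; it audits ldap.conf-style text for exactly that distinction. The two config samples are constructed inline (the file path is the one from the post), and the functions and their names are my own, not anything shipped with OpenLDAP.

```shell
#!/bin/sh
# Constructed samples: the first mirrors the ldap.conf from the post, the second
# is the same file with verification switched off.
SAMPLE_GOOD='# client config as created in the post
TLS_CACERT /etc/ldap/ssl/ca.crt
TLS_REQCERT demand'

SAMPLE_WEAK='TLS_CACERT /etc/ldap/ssl/ca.crt
TLS_REQCERT never'

# Print the value of an ldap.conf keyword (case-insensitive, comment lines
# ignored, last occurrence wins if the keyword is repeated).
conf_value() {
    key=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$1" | awk -v k="$key" '
        /^[[:space:]]*#/ { next }
        toupper($1) == k { print $2 }
    ' | tail -n 1
}

# CA bundle path, or empty if TLS_CACERT is not set.
cacert_path() {
    conf_value "$1" TLS_CACERT
}

# Effective TLS_REQCERT level; OpenLDAP's default when unset is "demand".
reqcert_level() {
    lvl=$(conf_value "$1" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    [ -n "$lvl" ] && printf '%s\n' "$lvl" || printf 'demand\n'
}

# Return 0 only when the config both names a CA and enforces verification.
audit_ldap_tls() {
    ca=$(cacert_path "$1")
    lvl=$(reqcert_level "$1")
    if [ -z "$ca" ]; then
        printf 'no TLS_CACERT: the client has no CA to verify the server against\n'
        return 1
    fi
    case "$lvl" in
        demand|hard)
            printf 'ok: TLS_CACERT=%s TLS_REQCERT=%s\n' "$ca" "$lvl"
            return 0 ;;
        never|allow|try)
            printf 'weak: TLS_REQCERT=%s does not require a verified server certificate\n' "$lvl"
            return 1 ;;
        *)
            printf 'unknown TLS_REQCERT value: %s\n' "$lvl"
            return 1 ;;
    esac
}

# Demo on the constructed samples; to audit a real client, pass
# "$(cat /etc/ldap/ldap.conf)" instead.
audit_ldap_tls "$SAMPLE_GOOD" || :
audit_ldap_tls "$SAMPLE_WEAK" || :
```

Run it against the real file with `audit_ldap_tls "$(cat /etc/ldap/ldap.conf)"`; a non-zero exit means the client would either fail with 0x42 as in the post or, worse, connect without checking who it is talking to. Per-user ~/.ldaprc and the LDAPTLS_REQCERT environment variable override the system file, so check those too if a particular application still behaves differently.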

hippie131 06-11-2014 03:24 AM

Turns out this fixed all my issues.

