I'm running ldapsearch against a active directory server,
with ldap protocol it works:
ldapsearch -h IP -p 389 -b 'DC=testnet,DC=com' -D 'CN=admin,CN=Users,DC=testnet,DC=com' -w 'XX'
with ldaps protocol it fails:
ldapsearch -H ldaps://10.10.10.20:636 -b 'DC=testnet,DC=com' -D 'CN=admin,CN=Users,DC=testnet,DC=com' -w 'XXX'
strace output:
connect(3, {sa_family=AF_INET, sin_port=htons(636), sin_addr=inet_addr("10.10.10.20")}, 16) = 0
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
From nmap both 389 and 636 ports are open, what was wrong?
EDIT
A certificate is available on port 636:
# openssl s_client -connect 10.10.10.20:636 -showcerts
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = DC-01.testnet.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = DC-01.testnet.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = DC-01.testnet.com
i:DC = com, DC = testnet, CN = testnet-SRV1-CA
...