Today I had an issue getting a good TLS connection from an OpenLDAP client to an OpenLDAP server on an EC2 instance using the packages supplied by Amazon.
The problem packages were:
The problem was resolved through updating to version 2.4.23-20 via:
yum -y update openldap-clients
The problem was produced via the following ldapsearch command:
# ldapsearch -xZZ -d 4 TLS: did not find any valid CA certificates in /etc/openldap/cacerts TLS: could perform TLS system initialization. TLS: error: could not initialize moznss security context - error -5939:No more entries in the directory TLS: can't create ssl handle. ldap_start_tls: Connect error (-11)