Ubuntu 12.04 LDAP SSL self-signed cert not accepted

Posted by MaddHacker on Server Fault, published 2012-06-14

I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch; the command looks like:

ldapsearch -xv -H ldap://ldap.[my host].local -b dc=[my domain],dc=local -d8 -ZZ

I've also used:

ldapsearch -xv -H ldaps://ldap.[my host].local -b dc=[my domain],dc=local -d8

As far as I can tell, I've set up my certificate correctly, but no matter what I try, I can't seem to get ldapsearch to accept my self-signed certificate.

So far, I've tried:

  • Updating my /etc/ldap/ldap.conf file to look like:

    BASE    dc=[my domain],dc=local
    URI     ldaps://ldap.[my host].local
    TLS_CACERT      /etc/ssl/certs/cacert.crt
    TLS_REQCERT allow

  • Updating my /etc/ldap.conf file to look like:

    base dc=[my domain],dc=local
    uri ldapi:///ldap.[my host].local
    uri ldaps:///ldap.[my host].local
    ldap_version 3
    ssl start_tls
    ssl on
    tls_checkpeer no
    TLS_REQCERT allow

  • Updating my /etc/default/slapd to include:

    SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"

  • Several hours of Googling, most of which resulted in adding the TLS_REQCERT allow.

The exact error I'm seeing is:

ldap_initialize( ldap://ldap.[my host].local )
request done: ld 0x20038710 msgid 1
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect.
ldap_start_tls: Connect error (-11)
    additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

After several hours of this, I was hoping someone else has seen this issue, and/or knows how to fix it. Please do let me know if I should add more information, or if you need further data.
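As an added example (not part of the original question or of OpenLDAP), the script below builds a throwaway CA and a server certificate signed by it, then shows with `openssl verify` that the chain is trusted only when the CA file playing the role of TLS_CACERT is the one that actually issued the server certificate; with an unrelated CA file the same "self signed certificate in certificate chain" verdict appears. The CA names, the host ldap.example.local and the temporary file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the trust decision
# behind "self signed certificate in certificate chain" with throwaway certs.
# All names here (the CAs, ldap.example.local, file paths) are constructed.
set -eu
command -v openssl >/dev/null || { echo "openssl not found" >&2; exit 1; }
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca PREFIX CN: self-signed CA certificate plus private key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# make_server_cert CAPREFIX PREFIX HOSTNAME: server certificate signed by CA
make_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" >/dev/null 2>&1
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" >/dev/null 2>&1
}

# verify_chain CAFILE SERVERCERT CHAINFILE: returns 0 when CAFILE (the
# TLS_CACERT role) trusts the chain, 1 otherwise. CHAINFILE stands in for
# the extra certificates a server sends alongside its own.
verify_chain() {
  openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
}

setup_demo() {
  make_ca "$WORK/realca" "Demo LDAP CA"
  make_ca "$WORK/otherca" "Unrelated CA"
  make_server_cert "$WORK/realca" "$WORK/ldap" "ldap.example.local"
}

main() {
  setup_demo
  # Correct CA in TLS_CACERT: verification passes, so TLS_REQCERT demand works.
  verify_chain "$WORK/realca.crt" "$WORK/ldap.crt" "$WORK/realca.crt" \
    && echo "realca.crt as TLS_CACERT: chain trusted"
  # Wrong CA in TLS_CACERT: the failure ldapsearch reports. The fix is the
  # right CA file, not TLS_REQCERT allow, which merely ignores the failure.
  verify_chain "$WORK/otherca.crt" "$WORK/ldap.crt" "$WORK/realca.crt" \
    || echo "otherca.crt as TLS_CACERT: self signed certificate in chain"
}
main
```

The same check against a running server is `openssl s_client -connect ldap.host:636 -CAfile /etc/ssl/certs/cacert.crt`, whose "Verify return code" line must be 0 before TLS_REQCERT demand can succeed.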
