OK... I added the ldap.conf entries

    REFERRALS off
    TLS_REQCERT demand
    TLS_CACERT /.../eLearningPublic.pem

then tried:

    #ldapsearch -ZZ -x -D "[email protected]" -W -H "ldap://mldshomdsp01.ce.xyz.com.au" -b '' -s base -a never

It gave:

    ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)

and with

    TLS_REQCERT never
    TLS_CRLCHECK none

it prompted for a password then gave:

    ldap_bind: Invalid credentials (49)
        additional info: 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1
