I have recently regenerated my SSL certificates using the following guide:
Recreating Server Certificates on OES Linux - CoolSolutionsWiki

I had no trouble creating new certs in ConsoleOne, exporting from eDirectory, and importing into the server.

There are no bind restrictions in the LDAP server properties. Both secure and non-secure ports are enabled.

ndstrace shows the following log entries correlating to a failed login attempt using ldapsearch.
Code:
 /usr/ldaptools/bin/ldapsearch -b o=griscomp -D cn=admin,ou=resources,ou=holly,o=griscomp -e /etc/opt/novell/SSCert.der -h 192.168.0.3 -p 636 -W -Z
New TLS connection 0x837cd28 from 192.168.0.3:4275, monitor = 0x42e29bb0, index = 1
Monitor 0x42e29bb0 initiating TLS handshake on connection 0x837cd28
(127.0.0.1:4275)(0x0000:0x00) DoTLSHandshake on connection 0x837cd28
(127.0.0.1:4275)(0x0000:0x00) TLS accept failure 1 on connection 0x837cd28, setting err = -5875. Error stack:
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
(127.0.0.1:4275)(0x0000:0x00) TLS handshake failed on connection 0x837cd28, err = -5875
Server closing connection 0x837cd28, socket error = -5875
Connection 0x837cd28 closed

The following is the log associated with a successful non-secure connection from the server.

esources,ou=holly,o=griscomp, version:3, authentication:simple
(192.168.0.3:4436)(0x0001:0x60) Sending (192.168.0.3:4436)(0x0001:0x60) DoBind on c(192.168.0.3:4436)(0x0002:0x63) DoSearch on connection 0x8482c40
(192.168.0.3:4436)(0x0002:0x63) Search request:
base: "o=griscomp"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
no attributes
(192.168.0.3:4436)(0x0(192.168.0.3:4436)(0x0002:0x 63) DoSearch on connection 0x8482c40
(192.168.0.3:4436)(0x0002:0x63) Search request:
base: "o=griscomp"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
no attributes
(192.168.0.3:4436)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x8482c40
(192.168.0.3:4436)(0x0003:0x42) DoUnbind on connection 0x8482c40
Connection 0x8482c40 closed

The following is the log associated with a successful SSL connection from a workstation.

New TLS connection 0x837cd28 from 192.168.2.155:4766, monitor = 0x42e29bb0, index = 1
Monitor 0x42e29bb0 initiating TLS handshake on connection 0x837cd28
(192.168.2.155:4766)(0x0000:0x00) DoTLSHandshake on connection 0x837cd28
(192.168.2.155:4766)(0x0000:0x00) Completed TLS handshake on connection 0x837cd28
(192.168.2.155:4766)(0x0002:0x63) Sending search result entry "" to connection 0x837cd28
(192.168.2.155:4766)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x0003:0x50) DoAbandon on connection 0x837cd28
(192.168.2.155:4766)(0x0003:0x50) Abandon could not find operation msgID 2 on connection 0x837cd28
(192.168.2.155:4766)(0x0004:0x63) DoSearch on connection 0x837cd28
(192.168.2.155:4766)(0x0004:0x63) Sending search result entry "" to connection 0x837cd28
(192.168.2.155:4766)(0x0004:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x0005:0x63) DoSearch on connection 0x837cd28
(192.168.2.155:4766)(0x0005:0x63) Sending search result entry "" to connection 0x837cd28
(192.168.2.155:4766)(0x0005:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x0006:0x63) DoSearch on connection 0x837cd28
(192.168.2.155:4766)(0x0006:0x63) Sending search result entry "" to connection 0x837cd28
(192.168.2.155:4766)(0x0006:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x0007:0x50) DoAbandon on connection 0x837cd28
(192.168.2.155:4766)(0x0007:0x50) Abandon could not find operation msgID 5 on connection 0x837cd28
(192.168.2.155:4766)(0x0008:0x63) DoSearch on connection 0x837cd28
(192.168.2.155:4766)(0x0008:0x63) Sending search result entry "cn=schema" to connection 0x837cd28
(192.168.2.155:4766)(0x0008:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x0009:0x50) DoAbandon on connection 0x837cd28
(192.168.2.155:4766)(0x0009:0x50) Abandon could not fi(192.168.2.155:4766)(0x000a:0x63) DoSearch on connec(192.168.2.155:4766)(0x000a:0x63) DoSearch on connection 0x837cd28
(192.168.2.155:4766)(0x000a:0x63) Sending search result entry "cn=schema" to connection 0x837cd28
(192.168.2.155:4766)(0x000a:0x63) Sending operation result 0:"":"" to connection 0x837cd28
(192.168.2.155:4766)(0x000b:0x50) DoAbandon on connection 0x837cd28
(192.168.2.155:4766)(0x000b:0x50) Abandon could not find operation msgID 10 on connection 0x837cd28

`ldapconfig get` shows:
NLDAP server configuration utility for Novell eDirectory 8.7.3.7 v10554.24
User FDN:admin.resources.holly.griscomp
Password:

LDAP Server Configuration:
LDAP Server: CN=LDAP Server - enterprise.OU=resources.OU=holly.O=griscomp
LDAP Group: CN=LDAP Group - enterprise.OU=resources.OU=holly.O=griscomp
LDAP Screen Level: all
searchSizeLimit: 0
searchTimeLimit: 0
LDAP Server Bind Limit: 0
LDAP Server Idle Timeout: 0
LDAP Enable TCP: yes
LDAP Enable SSL: yes
LDAP TCP Port: 389
LDAP SSL Port: 636
filteredReplicaUsage: 0
LDAP:keyMaterialName: SSL CertificateDNS
nonStdClientSchemaCompatMode: no
ldapEnablePSearch: yes
ldapMaximumPSearchOperations: 0
ldapIgnorePSearchLimitsForEvents: yes
ldapEnableMonitorEvents: yes
ldapMaximumMonitorEventsLoad: 0
ldapTLSRequired: no
ldapTLSVerifyClientCertificate: 0
ldapNonStdAllUserAttrsMode: yes
ldapBindRestrictions: 0 (no restriction)
LDAP:searchReferralUsage: Prefer Chaining
LDAP:otherReferralUsage: Prefer Chaining
Require TLS for Simple Binds with Password: no

netstat -an |grep "389|636" shows that it is listening
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN

lsof -i |grep ldap shows nds, not GroupWise, is listening.
gwmta 5349 root 56u IPv4 82272 TCP 192.168.0.3:1097->192.168.0.3:389 (CLOSE_WAIT)
gwmta 5349 root 57u IPv4 390474 TCP 192.168.0.3:3037->192.168.0.3:389 (CLOSE_WAIT)
ndsd 31341 root 160u IPv4 645241 TCP *:389 (LISTEN)
ndsd 31341 root 162u IPv4 645243 TCP *:636 (LISTEN)
ndsd 31341 root 190u IPv4 652855 TCP 192.168.0.3:636->192.168.2.155:4766 (ESTABLISHED)

If I try to add the LDAP server in YaST -> OES LDAP Configuration I get:

┌───────────────────────────────────────────────────┐
│ Credentials Failed                                │
│ User credentials failed to validate Using:        │
│ Server: 192.168.0.3                               │
│ User: cn=admin.ou=resources.ou=holly.o=griscomp   │
│ LDAP port: 636                                    │
│ Do you want to continue anyway?                   │
│ [Yes] [No ]                                       │
└───────────────────────────────────────────────────┘

Which generates the following in ndstrace
New TLS connection 0x8482c40 from 192.168.0.3:4712, monitor = 0x42e29bb0, index = 2
Monitor 0x42e29bb0 initiating TLS handshake on connection 0x8482c40
(192.168.0.3:4712)(0x0000:0x00) DoTLSHandshake on connection 0x8482c40
(192.168.0.3:4712)(0x0000:0x00) Completed TLS handshake on connection 0x8482c40
(192.168.0.3:4712)(0x0001:0x60) DoBind on connection 0x8482c40
(192.168.0.3:4712)(0x0001:0x60) Bind name:cn=admin,ou=resources,ou=holly,o=griscomp, version:3, authentication:simple
(192.168.0.3:4712)(0x0001:0x60) Failed to authenticate local on connection 0x8482c40, err = failed authentication (-669)
(192.168.0.3:4712)(0x0001:0x60) Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0x8482c40
(192.168.0.3:4712)(0x0000:0x00) TLS read failure 5 on connection 0x8482c40, setting err = -5875. Error stack:
Monitor 0x42e29bb0 found connection 0x8482c40 socket failure, err = -5875, 0 of 0 bytes read
Monitor 0x42e29bb0 initiating close for connection 0x8482c40
Server closing connection 0x8482c40, socket error = -5875
Connection 0x8482c40 closed

Because LDAP is non-functional, Samba, LUM, iFolder, GroupWise (ldaps), and NetStorage are all busted. How do I fix this LDAP problem? Do I need to export the keys to an LDAP client somewhere other than where the wiki indicates?

Daniel Griswold, CNE
Griswold Computing
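
Added example (not part of the original post): a Python parser that splits ndstrace LDAP output like the excerpts above into per-connection sessions and labels each one as a TLS handshake failure, a non-zero LDAP result, or ok. The regexes are assumptions derived only from the line shapes quoted in this post, and the sample is built from lines copied out of it.

```python
import re

OPEN = re.compile(r"New (TLS )?connection (0x[0-9a-f]+) from ([\d.]+):(\d+)")
HANDLE = re.compile(r"[Cc]onnection (0x[0-9a-f]+)")
# Keyed by port only: the prefix IP can differ from the open line (127.0.0.1 above).
PREFIX = re.compile(r"^\([\d.]+:(\d+)\)")
RESULT = re.compile(r'Sending operation result (\d+):"[^"]*":"([^"]*)"')
BIND = re.compile(r"Bind name:(.*?), version:")

# Lines copied (trimmed) from the three TLS traces in the post, concatenated.
SAMPLE = """\
New TLS connection 0x837cd28 from 192.168.0.3:4275, monitor = 0x42e29bb0, index = 1
(127.0.0.1:4275)(0x0000:0x00) TLS accept failure 1 on connection 0x837cd28, setting err = -5875. Error stack:
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Connection 0x837cd28 closed
New TLS connection 0x8482c40 from 192.168.0.3:4712, monitor = 0x42e29bb0, index = 2
(192.168.0.3:4712)(0x0000:0x00) Completed TLS handshake on connection 0x8482c40
(192.168.0.3:4712)(0x0001:0x60) Bind name:cn=admin,ou=resources,ou=holly,o=griscomp, version:3, authentication:simple
(192.168.0.3:4712)(0x0001:0x60) Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0x8482c40
Connection 0x8482c40 closed
New TLS connection 0x837cd28 from 192.168.2.155:4766, monitor = 0x42e29bb0, index = 1
(192.168.2.155:4766)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x837cd28
"""

def classify(trace):
    """Split a trace into per-connection sessions and label each outcome."""
    sessions, by_handle, by_port, cur = [], {}, {}, None
    for line in trace.splitlines():
        if (m := OPEN.search(line)):  # handles get reused: each open is a new session
            cur = {"peer": m.group(3), "tls": bool(m.group(1)),
                   "bind_dn": None, "verdict": "ok", "detail": ""}
            sessions.append(cur)
            by_handle[m.group(2)] = by_port[m.group(4)] = cur
            continue
        h, p = HANDLE.search(line), PREFIX.match(line)
        cur = (h and by_handle.get(h.group(1))) or (p and by_port.get(p.group(1))) or cur
        if cur is None: continue      # line seen before any connection was opened
        if "TLS accept failure" in line or "TLS handshake failed" in line:
            cur["verdict"] = "tls-handshake-failed"
        elif line.startswith("error:") and cur["verdict"] == "tls-handshake-failed":
            cur["detail"] = line.rsplit(":", 1)[-1]      # OpenSSL reason text
        elif (b := BIND.search(line)):
            cur["bind_dn"] = b.group(1)
        elif (r := RESULT.search(line)) and r.group(1) != "0":
            cur["verdict"], cur["detail"] = "ldap-result-" + r.group(1), r.group(2)
    return sessions

if __name__ == "__main__":
    for s in classify(SAMPLE):
        print(s["peer"], s["verdict"], s["detail"], s["bind_dn"])
```

On the sample it separates the "unknown protocol" handshake failure from the result 49 (invalidCredentials) bind failure that occurs after a completed handshake, and it treats the reused handle 0x837cd28 as two distinct sessions.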