When I upgraded my OES2SP3 servers to OES11SP1, I decided not to move to using the CommonProxy account at that time (there were enough moving parts to not worry about that as well). Recently I have started to try to implement the Common Proxy, for its obvious benefits, and decided to just start small with moving NetStorage over first. I have read up on the documentation and how to go about creating the actual account and setting NetStorage to use it, but I cannot get the move_to_common_proxy.sh to complete properly. Here's what I try and get for output (sanitized):

MYSERVER:~ # /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=<admin FQDN> -i <MYSERVER IP> -p 636 -s novell-netstorage

Please enter Ldap Admin Password
Common Proxy user not exists.Creating new common proxy user OESCommonProxy_MYSERVER now.
Enter proxy user context FDN for common proxy user .for eg:o=novell: <MYSERVER FQDN>
Going to create Common Proxy user cn=OESCommonProxy_vmc-srv-1,<MYSERVER FQDN> now.
Want to continue?[y/n]:y
Enter Common Proxy User Password
ldap_bind: Can't contact LDAP server
Common Proxy user creation failed

All other services relying on LDAP (LUM, NCS, CIFS, NetStorage) work completely fine, so I know that the LDAP server is running and working properly (also verified that LDAP is accessible on port 636 using nldap_check). I also tried diagnosing with ldapsearch:

This command works (i.e. connects and displays results):
/opt/novell/eDirectory/bin/ldapsearch -D <Admin FQDN> -h <MYSERVER IP> -p 636 -e /var/lib/novell-lum/.<MYSERVER IP>.der -b "" -s base

This command fails with "Can't contact LDAP server" (i.e. I remove the cert):
/opt/novell/eDirectory/bin/ldapsearch -D <Admin FQDN> -h <MYSERVER IP> -p 636 -b "" -s base

So it seems to be failing to connect when the trusted root cert isn't supplied, but the LDAP service isn't configured to require any such certificate. Kinda stuck at the moment, but maybe someone out there has some good advice.