authentication failed: 0x51 (Can't contact LDAP server; error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate))

A little research yields that this is due to the client not being able to validate the SSL cert, and to get around this problem you have to set the following in the ldap.conf file:

TLS_REQCERT never

and restart the zend server. Problem is that I can't locate the ldap.conf file on the iSeries. Also I found this note on the ZF2 reference guide:

If you enable useStartTls = TRUE or useSsl = TRUE you may find that the LDAP client generates an error claiming that it cannot validate the server’s certificate. Assuming the PHP LDAP extension is ultimately linked to the OpenLDAP client libraries, to resolve this issue you can set “TLS_REQCERT never” in the OpenLDAP client ldap.conf (and restart the web server) to indicate to the OpenLDAP client library that you trust the server. Alternatively, if you are concerned that the server could be spoofed, you can export the LDAP server’s root certificate and put it on the web server so that the OpenLDAP client can validate the server’s identity.

That pretty much states how to fix the issue. Assuming zend server php5 is linked to ldap on the iSeries somehow. Can this be configured in Zend Server? If so, where?
If there are any iSeries pros here that could point me in the right direction I would be greatly in your debt.
BTW, connecting over a non-SSL/TLS works fine. We do have valid certs installed on our iSeries, just not a proper CA root cert.
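
The two options in the quoted ZF2 note (disable verification with TLS_REQCERT never, or install the issuing root certificate) can be told apart by auditing a client ldap.conf. The checker below is an added example, not code from the post, Zend Server or ZF2; the option names and the default of demand are those documented in ldap.conf(5), while the sample configurations and the CA path are constructed placeholders.

```python
# Added example: audit an OpenLDAP client ldap.conf for weakened TLS checks.
WEAK = {
    "never": "server certificate is not requested or checked",
    "allow": "a bad server certificate is ignored and the session proceeds",
}
STRICT = {"try", "demand", "hard"}


def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive, last one wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit_tls(text):
    """Return a list of (severity, message) findings for the TLS settings."""
    opts = parse_ldap_conf(text)
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # documented default
    has_ca = bool(opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR"))
    findings = []
    if reqcert in WEAK:
        findings.append(("HIGH", f"TLS_REQCERT {reqcert}: {WEAK[reqcert]}"))
    elif reqcert not in STRICT:
        findings.append(("WARN", f"TLS_REQCERT {reqcert}: unrecognised value"))
    elif not has_ca:
        # Verification is on, but this file names no CA to verify against.
        findings.append(("WARN", "certificate checks enforced but no TLS_CACERT "
                         "or TLS_CACERTDIR is set in this file"))
    return findings


# Constructed sample inputs (the CA path is a placeholder, not from the post).
WORKAROUND = "# quick fix\nTLS_REQCERT never\n"
HARDENED = "TLS_CACERT /path/to/ldap-root-ca.pem\ntls_reqcert demand\n"

if __name__ == "__main__":
    for name, conf in (("workaround", WORKAROUND), ("hardened", HARDENED)):
        print(name, audit_tls(conf) or "OK")
```

The check covers one file only; OpenLDAP clients can also take these settings from a per-user ldaprc or from LDAPTLS_* environment variables, which this example does not inspect.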