At some point in time late in March 2013, an update to my Mac broke the ldapsearch functionality. I had a simple script written with a menu that would allow me to query the school’s directory for commonly needed info such as usernames, phone numbers, departments and so on.
Everything worked wonderfully until last month, when I started receiving this error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
After a lot of googlin’, most people receiving this error suggested adding either of these to my ldap.conf file:
TLS_REQCERT never
or
TLS_REQCERT allow
Unfortunately, neither of these made any difference. How frustrating. After a while I came to the realization that ldapsearch was no longer looking at the configuration file in the standard location, /etc/openldap/ldap.conf.
On the Mac, using the dtruss command (similar to strace), I was able to track down where it was looking for the file by a command similar to this:
sudo dtruss -a ldapsearch [rest of the query here] 2>&1 |grep conf
which gave me what I was looking for…
346/0x2f28: 247865 12423 152 open_nocancel("/opt/local/etc/openldap/ldap.conf\0", 0x0, 0x1B6) = 3 0
No file existed there yet, so a simple symlink to my original configuration file fixed my ldapsearch!
sudo ln -s /etc/openldap/ldap.conf /opt/local/etc/openldap/ldap.conf
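An added example, not part of the original post: a small shell check that reports whether a given ldap.conf path exists and whether it sets TLS_REQCERT to never or allow, either of which lets the session proceed with a bad server certificate. It also shows that such a line, if left in the original file from the earlier attempts, takes effect once the symlink makes the client read that file. The function names, the temporary paths and the ldap.example.edu host are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ldap.conf path for relaxed certificate checking.
# Function names and sample files are hypothetical, not from the post.

# Print every TLS_REQCERT value set in file $1. The keyword is matched
# case-insensitively; on '#' comment lines the first field never matches.
reqcert_values() {
    awk 'toupper($1) == "TLS_REQCERT" { print tolower($2) }' "$1"
}

# Print one status line for config path $1: missing | unset | strict | weak
audit_ldap_conf() {
    if [ ! -e "$1" ]; then
        echo "missing $1"
        return 0
    fi
    vals=$(reqcert_values "$1")
    if [ -z "$vals" ]; then
        echo "unset $1"    # no TLS_REQCERT line; the library default applies
        return 0
    fi
    for v in $vals; do
        case "$v" in
            never|allow) echo "weak $1 TLS_REQCERT=$v"; return 0 ;;
        esac
    done
    echo "strict $1"
}

# Constructed stand-ins for /etc/openldap and /opt/local/etc/openldap.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc" "$demo_dir/opt"
printf 'URI ldaps://ldap.example.edu\nTLS_REQCERT never\n' > "$demo_dir/etc/ldap.conf"

audit_ldap_conf "$demo_dir/opt/ldap.conf"    # before the symlink: missing
ln -s "$demo_dir/etc/ldap.conf" "$demo_dir/opt/ldap.conf"
audit_ldap_conf "$demo_dir/opt/ldap.conf"    # after: the leftover line is now read
```

To check a real machine, call audit_ldap_conf on /etc/openldap/ldap.conf and /opt/local/etc/openldap/ldap.conf and remove any never or allow line that was only added while troubleshooting.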
It worked for me.
Thank you very much.
Luan Nguyen