Error seen in logs is:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
dsa> Accepting call from TCP <IP>:<PORT>
GetRemoteHostName:Skipping local host-name validation
STATE: SSL3 alert read: fatal: unknown CA
STATE: SSL_accept: failed in error
Warning: SSL Error
Warning: 7eff0009db98- 15030300 020230 ......0
Warning: 0:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1498:SSL alert number 48
0:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:s3_pkt.c:1216:
Warning: ssld_ssl_request failed
Warning: TLS/SSL handshake failed for call from <IP>:<PORT>
CA Directory 14.1.X
Command did not contain Root CA cert to be checked by ldapsearch client against server certificate.
This can be set permanently in ldapsearch config file under:
TLS_CACERT
see ldapsearch documentation here.