
Added SSL/TLS to OpenLDAP but some web apps work incorrectly.



Hi all;

I am a newbie here, sorry for the stupid question. I have an OpenLDAP-2.1.30-r3 installation on my Gentoo box, set up by following the OpenLDAP Administrator's Guide at http://www.openldap.org. Without SSL/TLS it works well.
I added SSL/TLS support to it by following the manual at http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html step by step, except for the client cert. After that I found that it works correctly on localhost with some apps such as jxplorer, ldapbrowser and egroupware, but phpldapadmin does not work anywhere. It receives the following message:



Could not start TLS. Please check your LDAP server configuration.

On another machine I use the command

ldapsearch -x -b "dc=example,dc=com" -H "ldaps://myldapdomain"
and it receives the correct result.

But it does not work with egroupware on a remote machine.

I have searched the web and found that the client should receive the server cert, but I don't know how to configure it. Could someone help me out?

The following is some of my configuration.

slapd.conf:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercrt.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient never

ldap.conf:

BASE    dc=example, dc=com
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_REQCERT     never
TLS_CERT        /etc/openldap/myca/servercrt.pem
TLS_KEY         /etc/openldap/myca/serverkey.pem

Thank you in advance!

Wang Penghui
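Two things in the posted configuration are worth checking before trusting the "ldapsearch works" result. First, `TLS_REQCERT never` tells libldap to accept any server certificate, so a successful `ldaps://` search says nothing about whether `TLS_CACERT` actually validates the server's chain; the default, `demand`, is what a client should run with. Second, `TLS_CERT` and `TLS_KEY` in ldap.conf are client-certificate options (only needed when slapd has `TLSVerifyClient` set to `try` or `demand`), and pointing them at the server's private key means that key has been copied onto every client. Two smaller caveats: phpldapadmin's "Could not start TLS" is its message for a failed StartTLS on a plain `ldap://` connection, which is a different code path from `ldaps://` on port 636, so `ldapsearch -x -ZZ -H ldap://myldapdomain` is the test that matches it; and in OpenSSL cipher-list syntax `+SSLv2` only moves those ciphers to the end of the list, whereas `!SSLv2` removes them.

The script below is an added example, not code from the original post or from OpenLDAP. It is a POSIX shell audit of an ldap.conf that flags exactly those settings, run against two constructed files: a copy of the ldap.conf posted above and a hardened version. The temporary directory, the file names `bad.conf`/`good.conf` and the `cacert.pem` placeholder it creates are the example's own assumptions; the two live commands in the comments are real OpenLDAP and OpenSSL invocations but are not executed here.

```shell
#!/bin/sh
# Added example (not from the original post): audit client-side TLS settings
# in an ldap.conf before believing a "ldapsearch over ldaps:// works" result.
#
# Live checks to run against the real server (not executed by this script):
#   ldapsearch -x -ZZ -H ldap://myldapdomain -b "dc=example,dc=com"   # StartTLS, as phpldapadmin uses
#   openssl s_client -connect myldapdomain:636 -CAfile /etc/openldap/myca/cacert.pem   # ldaps chain check

# get_opt KEYWORD FILE -> last value of KEYWORD (ldap.conf keywords are case-insensitive)
get_opt() {
    awk -v k="$1" 'toupper($1) == k { v = $2 } END { print v }' "$2"
}

# audit_ldap_conf FILE -> prints findings; returns 0 if clean, 1 if anything was flagged
audit_ldap_conf() {
    conf="$1"
    problems=0
    reqcert=$(get_opt TLS_REQCERT "$conf")
    cacert=$(get_opt TLS_CACERT "$conf")
    tlskey=$(get_opt TLS_KEY "$conf")

    # TLS_REQCERT: never/allow accept any server cert; try accepts a missing one; demand (default) verifies.
    case "${reqcert:-demand}" in
        never|allow)
            echo "WARN: TLS_REQCERT $reqcert disables server certificate verification; use 'demand'"
            problems=1 ;;
        try)
            echo "WARN: TLS_REQCERT try accepts a server that presents no certificate; use 'demand'"
            problems=1 ;;
        demand|hard) ;;
        *)
            echo "WARN: unknown TLS_REQCERT value '$reqcert'"
            problems=1 ;;
    esac

    # Without a readable CA file the client cannot build a chain to the CA that signed the server cert.
    # The web server's user (not only root) must be able to read it for a PHP app to verify anything.
    if [ -z "$cacert" ]; then
        echo "WARN: no TLS_CACERT configured"
        problems=1
    elif [ ! -r "$cacert" ]; then
        echo "WARN: TLS_CACERT $cacert is not readable by this user"
        problems=1
    fi

    # TLS_KEY is a client-certificate key; the server's own private key must never be copied to clients.
    if [ -n "$tlskey" ]; then
        echo "WARN: TLS_KEY $tlskey is set; only needed for client certs, and must not be the server key"
        problems=1
    fi

    return $problems
}

# write_sample_confs DIR -> creates DIR/bad.conf (the posted ldap.conf) and DIR/good.conf (hardened)
write_sample_confs() {
    dir="$1"
    : > "$dir/cacert.pem"   # placeholder CA file so the readability check can pass for good.conf
    cat > "$dir/bad.conf" <<'EOF'
BASE    dc=example, dc=com
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_REQCERT     never
TLS_CERT        /etc/openldap/myca/servercrt.pem
TLS_KEY         /etc/openldap/myca/serverkey.pem
EOF
    cat > "$dir/good.conf" <<EOF
BASE    dc=example,dc=com
URI     ldaps://myldapdomain/
TLS_CACERT  $dir/cacert.pem
TLS_REQCERT demand
EOF
}

# demo: audit both constructed files and report
demo() {
    dir=$(mktemp -d)
    write_sample_confs "$dir"
    for f in bad good; do
        echo "== $f.conf"
        if audit_ldap_conf "$dir/$f.conf"; then echo "clean"; else echo "flagged"; fi
    done
    rm -rf "$dir"
}

case "${1:-}" in --demo) demo ;; esac
```

Run it as `sh audit.sh --demo`; the posted ldap.conf is flagged three times (verification off, CA file unreadable on this host, server key configured as a client key) and the hardened one passes. On the server side the matching fix is to keep `TLSVerifyClient never` unless client certificates are really wanted, and to replace `+SSLv2` in `TLSCipherSuite` with `!SSLv2`.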