I have seen the later comments in the thread, but I think the problem is that you need to choose whether to use tls or ssl. If you use tls, you should connect to port 389 and issue start-tls. If you use ssl you connect to 636 and don't do start-tls. Doing both, ie connect to 636 and issue start-tls is probably a bad thing.
Another this you could try is to ark up an openldap server on a linux box. You can run the server with debugging switched on and see the entire certificate negotiation from the servers point of view.
Regards, Frankl Ranner
The problem is now fixed. First, i activated the complete debug of the ldap module with "ldap_debug =0xFFFF". (Thanks Novell!) So, in this debug, i saw, that the cn in the certificate differs from the name of the server. so, i fixed this in my configuration, and everything works fine now. How can I/we improve the documentation of the ldap module? for example: it should be mentioned, that you need the config "ldap_debug =0xFFFF" for the complete ldap debug... and a few other things like the undocumented config-option "port"... it should be added to the config-file. what do the others think? Thanks for all the support! great job! Sebastian -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger