Openldap+ssl или снова- здорова.......

Народ, помогите разобраться с Openldap + ssl.!!!!

Я думаю, что дело в настройках лдапа, т.к. сертификаты рабочие.
Потомучто сам openssl подключается без проблем:

# openssl s_client -connect padonag.moscow.ximxim.com:636 -cert /etc/ca/padonag-cert.pem -key /etc/ca/padonag-privkey.pem
CONNECTED(00000003)
depth=1 /C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=padonag.moscow.ximxim.com
i:/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
1 s:/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
i:/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxx
xxxxxxxxxxxx
xxxxxxxxxxxx
xxxxxxxxxxxx
xxxxxxxxxxxx==
-----END CERTIFICATE-----
subject=/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=padonag.moscow.ximxim.com
issuer=/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
---
Acceptable client certificate CA names
/C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
---
SSL handshake has read 1761 bytes and written 1245 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 10540B498D2EDFE6AA21ABA4D7EA8A6CE802C98B216BE28E722DDB597E04E8BA
Session-ID-ctx:
Master-Key: 0ECD9FC7135861AD8D6F2EB39942D1D82B93219C1B0194B74251C161C1D2E2B81BC86D5DE99314C9F71F9BD6DA50D2F2
Key-Arg : None
Start Time: 1196866829
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---

Но про попытке подключения лдапа выскакивает следующая херь:

# ldapsearch -D "cn=ldapadmin,dc=moscow,dc=ximxim,dc=com" -W -d 255
ldap_create
Enter LDAP Password:
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP padonag.moscow.ximxim.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
tls_write: want=142, written=142
0000: 80 8c 01 03 01 00 63 00 00 00 20 00 00 39 00 00 ......c... ..9..
0010: 38 00 00 35 00 00 88 00 00 87 00 00 84 00 00 16 8..5............
0020: 00 00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 ...........3..2.
0030: 00 2f 00 00 45 00 00 44 00 00 41 00 00 07 05 00 ./..E..D..A.....
0040: 80 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 ................
0050: 00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 ........@.......
0060: 00 08 00 00 06 04 00 80 00 00 03 02 00 80 5c 8a ..............\.
0070: 1f 19 c8 9e e4 df 72 c7 0b 1d d2 45 ed 14 54 a8 ......r....E..T.
0080: 4a 6a 0f ad 25 d8 63 9c 4f ab 70 c9 b2 f8 Jj..%.c.O.p...
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 16 03 01 00 4a 02 00 ....J..
tls_read: want=72, got=72
0000: 00 46 03 01 47 56 bd 9e 00 98 52 f3 86 6e 24 72 .F..GV....R..n$r
0010: 4d 91 49 ff 20 a8 78 45 cc 28 5a 81 e3 b5 ac 3a M.I. .xE.(Z....:
0020: 42 09 0b c8 20 20 5d 20 24 95 6e 28 c8 79 ea 46 B... ] $.n(.y.F
0030: b5 d1 ef f1 88 38 43 32 0a 25 8d b4 f7 3f 8e 5f .....8C2.%...?._
0040: 54 27 a5 3d d7 00 35 00 T'.=..5.
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
0000: 16 03 01 05 ec .....
tls_read: want=1516, got=1516
0000: 0b 00 05 e8 00 05 e5 00 02 ef 30 82 02 eb 30 82 ..........0...0.
0010: 02 54 a0 03 02 01 02 02 09 00 91 56 f6 36 eb 79 .T.........V.6.y
0020: 74 f4 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 t.0...*.H.......
0030: 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 52 55 .0O1.0...U....RU
0040: 31 0f 30 0d 06 03 55 04 08 13 06 52 75 73 73 69 1.0...U....Russi
0050: 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 49 4d 31 a1.0...U....XIM1
0060: 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 63 6f 77 .0...U....Moscow
0070: 31 10 30 0e 06 03 55 04 03 13 07 43 68 6c 6f 72 1.0...U....Chlor
0080: 75 6d 30 1e 17 0d 30 37 31 32 30 35 31 34 32 34 um0...0712051424
0090: 35 36 5a 17 0d 31 37 31 32 30 32 31 34 32 34 35 56Z..17120214245
00a0: 36 5a 30 61 31 0b 30 09 06 03 55 04 06 13 02 52 6Z0a1.0...U....R
00b0: 55 31 0f 30 0d 06 03 55 04 08 13 06 52 75 73 73 U1.0...U....Russ
00c0: 69 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 49 4d ia1.0...U....XIM
00d0: 31 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 63 6f 1.0...U....Mosco
00e0: 77 31 22 30 20 06 03 55 04 03 13 19 70 61 64 6f w1"0 ..U....pado
00f0: 6e 61 67 2e 6d 6f 73 63 6f 77 2e 78 69 6d 78 69 nag.moscow.ximxi
0100: 6d 2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 m.com0..0...*.H.
0110: f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 ...........0....
0120: 81 00 a8 6b 1e 0d 52 d1 86 61 bf 08 74 d5 b0 0c ...k..R..a..t...
0130: ab ce a7 84 77 fa d6 33 71 94 d0 4c 36 e9 9d 53 ....w..3q..L6..S
0140: dc ae 16 31 fe 95 0d b1 a5 1e 43 a8 df ef 8b 1e ...1......C.....
0150: 83 55 6a 82 0f a7 7d 1e 38 6e a3 b9 25 ad 11 c6 .Uj...}.8n..%...
0160: e9 37 ea b3 4d 90 d7 2e b3 b3 8f 77 5a e9 12 0c .7..M......wZ...
0170: fc 06 b1 76 d7 24 af f5 36 c5 c7 90 4f 3f 43 14 ...v.$..6...O?C.
0180: e1 42 ea e9 9e 4d 2e b4 bd 46 39 28 c8 3b 37 d4 .B...M...F9(.;7.
0190: dd 95 6c 87 30 1d 92 af 6a 42 65 bd 8e 30 f5 00 ..l.0...jBe..0..
01a0: 91 59 02 03 01 00 01 a3 81 bc 30 81 b9 30 1d 06 .Y........0..0..
01b0: 03 55 1d 0e 04 16 04 14 b4 74 a9 ef aa 43 2b 29 .U.......t...C+)
01c0: c6 ec 88 0b f8 fe 3b f3 ae aa 6f 14 30 7f 06 03 ......;...o.0...
01d0: 55 1d 23 04 78 30 76 80 14 e5 08 99 11 1c e7 06 U.#.x0v.........
01e0: d4 5c 1d d2 c3 17 15 d1 8b 06 ad a7 da a1 53 a4 .\............S.
01f0: 51 30 4f 31 0b 30 09 06 03 55 04 06 13 02 52 55 Q0O1.0...U....RU
0200: 31 0f 30 0d 06 03 55 04 08 13 06 52 75 73 73 69 1.0...U....Russi
0210: 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 49 4d 31 a1.0...U....XIM1
0220: 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 63 6f 77 .0...U....Moscow
0230: 31 10 30 0e 06 03 55 04 03 13 07 43 68 6c 6f 72 1.0...U....Chlor
0240: 75 6d 82 09 00 91 56 f6 36 eb 79 74 f3 30 0c 06 um....V.6.yt.0..
0250: 03 55 1d 13 04 05 30 03 01 01 ff 30 09 06 03 55 .U....0....0...U
0260: 1d 11 04 02 30 00 30 0d 06 09 2a 86 48 86 f7 0d ....0.0...*.H...
0270: 01 01 05 05 00 03 81 81 00 86 71 64 1c 8f 9c 64 ..........qd...d
0280: 20 0a 6d 88 9c 65 98 77 c0 9b b3 b2 75 7f 6d b5 .m..e.w....u.m.
0290: f2 39 9e 4d 14 9a 3c a4 d1 5a c9 f3 a5 f9 64 1a .9.M..<..Z....d.
02a0: a0 f1 96 19 92 de c4 fb 78 3e 89 9f e0 38 0a 4d ........x>...8.M
02b0: 78 6e f6 fb 90 a3 c8 77 2f 38 8a 76 f4 d5 5b f0 xn.....w/8.v..[.
02c0: 74 fc 85 e4 2a 78 ff 9e b3 a9 75 9c c9 0e ba e6 t...*x....u.....
02d0: 10 2a e8 2b 4d 36 9f 37 18 bf a6 e7 50 51 c3 ac .*.+M6.7....PQ..
02e0: ff 4c e4 27 51 d8 79 e4 dc fa f2 00 b4 2c 6c 3c .L.'Q.y......,l<
02f0: 0e 6b 00 65 38 a2 b5 e6 90 00 02 f0 30 82 02 ec .k.e8.......0...
0300: 30 82 02 55 a0 03 02 01 02 02 09 00 91 56 f6 36 0..U.........V.6
0310: eb 79 74 f3 30 0d 06 09 2a 86 48 86 f7 0d 01 01 .yt.0...*.H.....
0320: 05 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 ...0O1.0...U....
0330: 52 55 31 0f 30 0d 06 03 55 04 08 13 06 52 75 73 RU1.0...U....Rus
0340: 73 69 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 49 sia1.0...U....XI
0350: 4d 31 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 63 M1.0...U....Mosc
0360: 6f 77 31 10 30 0e 06 03 55 04 03 13 07 43 68 6c ow1.0...U....Chl
0370: 6f 72 75 6d 30 1e 17 0d 30 37 31 32 30 35 31 34 orum0...07120514
0380: 31 39 32 36 5a 17 0d 31 37 31 32 30 32 31 34 31 1926Z..171202141
0390: 39 32 36 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 926Z0O1.0...U...
03a0: 02 52 55 31 0f 30 0d 06 03 55 04 08 13 06 52 75 .RU1.0...U....Ru
03b0: 73 73 69 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 ssia1.0...U....X
03c0: 49 4d 31 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 IM1.0...U....Mos
03d0: 63 6f 77 31 10 30 0e 06 03 55 04 03 13 07 43 68 cow1.0...U....Ch
03e0: 6c 6f 72 75 6d 30 81 9f 30 0d 06 09 2a 86 48 86 lorum0..0...*.H.
03f0: f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 ...........0....
0400: 81 00 b4 1e a6 a3 9d a9 d3 fe 0b f4 aa 46 ac b6 .............F..
0410: 07 bb 5e 88 5b d4 af 24 30 a5 f2 d7 17 13 8c f8 ..^.[..$0.......
0420: be 73 c4 0e ea 9e 7c f8 9a 8c ec de e9 e3 f7 2e .s....|.........
0430: 4f bd cd 21 fa 39 ef 9a f2 1b b8 51 d5 74 34 cd O..!.9.....Q.t4.
0440: 14 78 47 ff eb ee be ab 5b 44 b7 39 cc ba 9b 1c .xG.....[D.9....
0450: 24 c2 61 60 a0 05 5c e2 c5 c9 9c b2 ad 82 76 98 $.a`..\.......v.
0460: 79 88 b5 5f 8a 81 f8 4e f3 7f b6 f1 c5 53 7c bc y.._...N.....S|.
0470: 9e b6 79 12 f8 1a 18 35 af 8b bd c9 04 a4 ec eb ..y....5........
0480: 8f 8d 02 03 01 00 01 a3 81 cf 30 81 cc 30 1d 06 ..........0..0..
0490: 03 55 1d 0e 04 16 04 14 e5 08 99 11 1c e7 06 d4 .U..............
04a0: 5c 1d d2 c3 17 15 d1 8b 06 ad a7 da 30 7f 06 03 \...........0...
04b0: 55 1d 23 04 78 30 76 80 14 e5 08 99 11 1c e7 06 U.#.x0v.........
04c0: d4 5c 1d d2 c3 17 15 d1 8b 06 ad a7 da a1 53 a4 .\............S.
04d0: 51 30 4f 31 0b 30 09 06 03 55 04 06 13 02 52 55 Q0O1.0...U....RU
04e0: 31 0f 30 0d 06 03 55 04 08 13 06 52 75 73 73 69 1.0...U....Russi
04f0: 61 31 0c 30 0a 06 03 55 04 0a 13 03 58 49 4d 31 a1.0...U....XIM1
0500: 0f 30 0d 06 03 55 04 0b 13 06 4d 6f 73 63 6f 77 .0...U....Moscow
0510: 31 10 30 0e 06 03 55 04 03 13 07 43 68 6c 6f 72 1.0...U....Chlor
0520: 75 6d 82 09 00 91 56 f6 36 eb 79 74 f3 30 0c 06 um....V.6.yt.0..
0530: 03 55 1d 13 04 05 30 03 01 01 ff 30 1c 06 03 55 .U....0....0...U
0540: 1d 11 04 15 30 13 81 11 73 72 6f 67 6f 76 40 78 ....0...srogov@x
0550: 69 6d 78 69 6d 2e 63 6f 6d 30 0d 06 09 2a 86 48 imxim.com0...*.H
0560: 86 f7 0d 01 01 05 05 00 03 81 81 00 87 24 51 42 .............$QB
0570: 76 af a7 45 c4 94 ec a5 40 6f 25 e1 bf 83 57 97 v..E....@o%...W.
0580: 3e 9c 9b 94 e5 6f fd 0f f4 aa 14 fc 49 50 d8 c0 >....o......IP..
0590: 92 9f fc 47 8b ac bc 47 cd 3c ca 1b fb 5c 60 f3 ...G...G.<...\`.
05a0: 10 60 a0 ca 39 cd 25 38 40 5e 02 04 b2 be 78 da .`..9.%8@^....x.
05b0: 2f d8 9c a3 d7 1d 2e e7 7b 25 84 89 cf 1e 17 da /.......{%......
05c0: 43 4f c7 c7 7f 12 cd 55 3b 78 bf c9 bf b9 07 17 CO.....U;x......
05d0: 4f 23 25 87 d9 29 f7 ce b5 6f cb cf 76 f4 ff 6a O#%..)...o..v..j
05e0: 60 71 a6 73 00 26 58 d8 43 59 00 dc `q.s.&X.CY..
TLS certificate verification: depth: 1, err: 0, subject: /C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum, issuer: /C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
TLS certificate verification: depth: 0, err: 0, subject: /C=RU/ST=Russia/O=XIM/OU=Moscow/CN=padonag.moscow.ximxim.com, issuer: /C=RU/ST=Russia/O=XIM/OU=Moscow/CN=Chlorum
TLS trace: SSL_connect:SSLv3 read server certificate A
tls_read: want=5, got=5
0000: 16 03 01 00 61 ....a
tls_read: want=97, got=97
0000: 0d 00 00 59 03 01 02 40 00 53 00 51 30 4f 31 0b ...Y...@.S.Q0O1.
0010: 30 09 06 03 55 04 06 13 02 52 55 31 0f 30 0d 06 0...U....RU1.0..
0020: 03 55 04 08 13 06 52 75 73 73 69 61 31 0c 30 0a .U....Russia1.0.
0030: 06 03 55 04 0a 13 03 58 49 4d 31 0f 30 0d 06 03 ..U....XIM1.0...
0040: 55 04 0b 13 06 4d 6f 73 63 6f 77 31 10 30 0e 06 U....Moscow1.0..
0050: 03 55 04 03 13 07 43 68 6c 6f 72 75 6d 0e 00 00 .U....Chlorum...
0060: 00 .
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
tls_write: want=210, written=210
0000: 16 03 01 00 07 0b 00 00 03 00 00 00 16 03 01 00 ................
0010: 86 10 00 00 82 00 80 a3 46 10 f7 71 19 a2 5b 5e ........F..q..[^
0020: bd ce fb 7a e1 21 9f 93 01 51 3d 30 88 63 75 94 ...z.!...Q=0.cu.
0030: 08 ba 50 61 24 4a 32 65 a5 60 f8 34 e5 3e 44 c0 ..Pa$J2e.`.4.>D.
0040: 97 f6 c7 e5 08 c2 d9 8a 54 ad d5 f7 e0 51 41 3d ........T....QA=
0050: 73 20 66 27 2f 4a 4b ca 14 92 6e 8d 87 83 63 75 s f'/JK...n...cu
0060: 10 16 fb 74 6a 21 37 09 1a d2 d5 81 4f b6 39 47 ...tj!7.....O.9G
0070: c4 ed 52 6b a2 1e 2c 38 5f f7 2c 4b b0 58 c1 6c ..Rk..,8_.,K.X.l
0080: 24 e6 6c a9 13 17 1a 00 b6 aa e1 f0 fa 62 6d 0f $.l..........bm.
0090: 2e bb 9f cb 26 8a 37 14 03 01 00 01 01 16 03 01 ....&.7.........
00a0: 00 30 9d 7c 23 55 97 eb 54 e1 2b 82 49 ac 13 8f .0.|#U..T.+.I...
00b0: d1 ac 59 a7 14 21 21 1c 85 51 b6 f2 a6 02 da c5 ..Y..!!..Q......
00c0: 7f 2e 1d f2 1e fa 9f e4 33 fc c4 2d d0 7a ba 7f ........3..-.z..
00d0: 85 ba ..
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 28 .(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Конфиги

#cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
ssl on
ssl start_tls
BASE dc=moscow,dc=ximxim,dc=com
URI ldaps://padonag.moscow.ximxim.com
TLS hard
TLS_REQCERT demand
TLS_CACERT /etc/openldap/ssl/padonag-cacert.pem
TLS_CERT /etc/openldap/ssl/padonag-cert.pem
TLS_KEY /etc/openldap/ssl/padonag-privkey.pem

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

Фрагмент /etc/openldap/slapd.conf

# Define SSL and TLS properties (optional)
#disallow tls_authc
tls on
start tls
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+TLSv1
TLSCertificateFile /etc/openldap/ssl/padonag-cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/padonag-privkey.pem
TLSCACertificateFile /etc/openldap/ssl/padonag-cacert.pem
TLSCertificatePath /etc/openldap/ssl/
TLSVerifyClient demand

Причём без ssl всё работает нормально....