ldap over ssl php,ldapsearch over ssl/tls不起作用

我试图使用ldapsearch over ssl / tls连接，但它不工作：

ldapsearch -ZZ -d 5 -b “cn=Users,dc=my,dc=server,dc=com” -s sub -D

“cn=mydevice,cn=Users,dc=my,dc=server,dc=com” -h my.server.com -p 3269

-w “mypass” -x “(cn=test)”

ldap_create

ldap_url_parse_ext(ldap://my.server.com:3269)

ldap_extended_operation_s

ldap_extended_operation

ldap_send_initial_request

ldap_new_connection 1 1 0

ldap_int_open_connection

ldap_connect_to_host: TCP my.server.com:3269

ldap_new_socket: 3

ldap_prepare_socket: 3

ldap_connect_to_host: Trying 10.199.46.70:3269

ldap_connect_timeout: fd: 3 tm: -1 async: 0

ldap_open_defconn: successful

ldap_send_server_request

ber_scanf fmt ({it) ber:

ber_scanf fmt ({) ber:

ber_flush: 31 bytes to sd 3

ldap_result ld 0x95ff590 msgid 1

wait4msg ld 0x95ff590 msgid 1 (infinite timeout)

wait4msg continue ld 0x95ff590 msgid 1 all 1

** ld 0x95ff590 Connections:

* host: my.server.com port: 3269 (default)

refcnt: 2 status: Connected

last used: Mon Feb 27 10:59:43 2012

** ld 0x95ff590 Outstanding Requests:

* msgid 1, origid 1, status InProgress

outstanding referrals 0, parent count 0

** ld 0x95ff590 Response Queue:

Empty

ldap_chkResponseList ld 0x95ff590 msgid 1 all 1

ldap_chkResponseList returns ld 0x95ff590 NULL

ldap_int_select

read1msg: ld 0x95ff590 msgid 1 all 1

ber_get_next

ldap_perror

ldap_start_tls: Can’t contact LDAP server (-1)

错误消息不足以暗示出错。相比之下，简单的绑定和搜索在389端口没有任何问题。

任何提示？

附：这是我的ldap.conf：

TLS_REQCERT demand

TLS_CACERT ./cacert.pem

我甚至试图将TLS_REQCERT改为从不，但它仍然不起作用。 🙁