
Windows [ERROR 81] Can't contact LDAP server ???



I am very confused.  I have set up an OpenLDAP 2.0.11 server on RedHat
7.2 and have just stumbled on this problem.

My Windows clients (Outlook, Softerra LDAP Browser 2.2) are able to
connect to and use the LDAP server unless I configure them to use SSL.
I am able to use SSL from another RedHat (7.1) system with ldapsearch.

Running slapd with the -d -1 parameter, I can see that the RedHat client
continues the SSL negotiation after being asked for a certificate (does
a key exchange) but it appears the Windows clients just close the
connection and throw the ERROR 81 message at the user when requested to
send their certificate for SSLv3...

Is there any change I can make to either the Windows clients or the
server to allow this SSL negotiation to work?

Here are the TLS entries from my slapd.conf:

TLSCertificateFile	/usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile	/usr/share/ssl/certs/ldap.key
TLSCACertificateFile	/usr/share/ssl/certs/ldap.pem

The ldap.pem and ldap.key files were generated with the command:

openssl req -new -x509 -nodes -out ldap.pem -keyout ldap.key -days 365

Before you ask why not 2.0.23, 2.0.11 was the last release that the
cn=Monitor patch will work against -- I am told I need that to get
Steltor's corporate time calendar product working (at least until
version 6 is released) with OpenLDAP.

Thanks,
-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===