Brett @Google schrieb:

Have a look at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517188 Openldap in Lenny is linked against GNUtls instead of openssl. GNUtls doesn't support the

TLS_CACERTDIR configuration option, so we have to use TLS_CACERT to specify a file with trusted CA certificates.

GNUtls is not the same as openssl, if you are affected by this bug then it will only load the first cert.

Cheers Brett

I just noticed that I can remove the CA related directives and copy alle required intermediate certificates and the root certificate directly into the key file to build the trust chain. Problem solved. Thanks for pushing my research into the right direction!