Hi, I would like to ask those who are familiar with LDAP a bit more than me:
I have an edge spam filter (relay) and we use relay_recipients table, I am trying to suck users to this table, however I can't bind zimbra via ldaps .. I can verify
PHP Code:
openssl s_client -connect zimbra.domain.com:636

so I have connection to 636, trying to execute (on spam filter)
PHP Code:
ldapsearch -x -H ldaps://zimbra.domain.com -W -D "uid=zimbra,cn=admins,cn=zimbra" -v -d 255
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP zimbra.domain.no:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 172.16.1.2:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_err2string
ldap_sasl_bind(SIMPLE): Cant contact LDAP server (-1)

my /etc/ldap/ldap.conf on spam filter server is
PHP Code:
BASE dc=domain,dc=com
URI ldaps://zimbra.domain.com
#ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ldap/tls-cert/ca.pem

where ca.pem is file copied from /opt/zimbra/conf/ca/ca.pem from zimbra host to spam filter
...........^^^ I am not sure if this is the file I need for TLS option to ldap.conf, the SSL is configured through Startcom where I got 1st class cert ....
the zimbra host is in default setting, the only thing is that it listens on ldaps (636) configured according to zimbra-wiki
any help or kick would be greatly appreciated!
I have another question: is it possible to set up ldap.conf on the spam filter in a way that it can query multiple ldap zimbra servers so I can get complete relay_recipient table for all domains!!
TIA! kuda
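
On the multi-server question above, an added example that is not part of the original post: one way to merge the recipients from several LDAP servers into a single "address OK" table, leaving the existing table untouched if any server cannot be queried. The server names, the password file path, the `mail`/`zimbraMailAlias` attribute choice and the Postfix-style table format are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. Server names and PW_FILE are hypothetical.
SERVERS="ldaps://zimbra1.example.com ldaps://zimbra2.example.com"
BIND_DN="uid=zimbra,cn=admins,cn=zimbra"   # bind DN used in the post
PW_FILE=/etc/postfix/ldap.pw               # assumed path, mode 0600

# Query one server. -LLL prints bare LDIF, -y reads the password from a file.
# The search base comes from BASE in ldap.conf; pass -b to override it.
fetch_ldif() {
    ldapsearch -x -LLL -H "$1" -D "$BIND_DN" -y "$PW_FILE" \
        '(|(mail=*)(zimbraMailAlias=*))' mail zimbraMailAlias
}

# Join LDIF continuation lines (a leading space continues the previous line).
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# LDIF on stdin -> "address OK" lines: decodes base64 ("attr:: ") values,
# lowercases, and drops anything that is not a single local@domain token.
ldif_to_relay_recipients() {
    ldif_unfold | while IFS= read -r line; do
        case $line in
            mail::\ *|zimbraMailAlias::\ *)
                printf '%s' "${line#*:: }" | base64 -d | tr -d '\r\n'; echo ;;
            mail:\ *|zimbraMailAlias:\ *)
                printf '%s\n' "${line#*: }" ;;
        esac
    done | tr 'A-Z' 'a-z' | grep -E '^[^@[:space:]]+@[^@[:space:]]+$' |
        sort -u | sed 's/$/ OK/'
}

# Build the table at $1 from every server. Fails closed: if any query fails the
# old table stays, since a partial table would make the relay reject valid mail.
build_relay_recipients() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    for uri in $SERVERS; do
        if ! fetch_ldif "$uri" >"$tmp.raw"; then
            rm -f "$tmp" "$tmp.raw"; return 1
        fi
        ldif_to_relay_recipients <"$tmp.raw" >>"$tmp"
    done
    sort -u "$tmp" >"$tmp.new" && mv "$tmp.new" "$1"
    rc=$?; rm -f "$tmp" "$tmp.raw" "$tmp.new"; return $rc
}
# Usage: build_relay_recipients /etc/postfix/relay_recipients && postmap /etc/postfix/relay_recipients
```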



