I have installed the stock openssl packages for redhat 8.0 (openldap 2.0.27)
and configured both a server and a client.
Right now, user authentication with nss_ldap and pam_ldap works correctly (I
migrated the users via the perl scripts provided with the standard RPM
packages). I can also change the password for a given user, having set up an
ACL list enabling only authenticated users to do it. Now I would like to set
up SSL via the tls options of openldap.
I generated the server certificates, gave them the correct permissions,
placed the TLS directives in the slapd.conf file and the directives ssl on
or ssl tls_start on the client ldap.conf file. nmap on the server reports
that the 389 and 636 ports are open, for ldap and ldap ssl.
When performing a query via ldapserach with the -Z option (enabling SSL),
everything works fine and I can get responses. Not the same with ldapsearch
and -ZZ option When I try to login to the client machine, it is no more
possible (on /var/log/messages: pam_ldap: ldap_simple_bind Can't contact
LDAP server or, for tls, ldap_starttls_s: Connect error).
Anyone can help me ?
thank you
Paolo Marini