On Thursday 28 August 2008 12:28:25 Hauke Coltzau wrote:
Hi everybody,
thank you all for your immediate replies.
As you correctly pointed out, the options I used were wrong. With the following ldap.conf, everything works out fine.
base dc=...
URI ldaps://<fqdn of ldap server>/
ldap_version 3
rootbinddn cn=...
bind_policy soft
pam_password md5
TLS_REQCERT yes
TLS_CACERT /usr/lib/ssl/certs/<ca>.chain.crt
The ldap.conf I used before was created by dpkg-reconfigure and I simply changed the default values there. That was a mistake ;-) Creating a new ldap.conf from scratch with a man-page at hand obviously did the trick.
You still seem to be confused between the different ldap.conf files. bind_policy, pam_password etc. are not valid in the OpenLDAP ldap.conf file; most likely one belongs in /etc/libnss_ldap.conf and the other in /etc/libpam_ldap.conf (on Debian-based systems, or /etc/ldap.conf on distros that use the default config file location for nss_ldap/pam_ldap as shipped upstream).
While you may have a working configuration, it may be more by luck than good judgement.
Regards, Buchan
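
Added example, not part of the original thread: a small Python check that sorts the directives of the posted file by which consumer documents them, which makes the mix-up described in the reply visible. The directive sets are a partial list assumed from the ldap.conf(5), nss_ldap(5) and pam_ldap(5) man pages, and the function names are hypothetical.

```python
# Added example. Directive sets are a partial list assumed from the
# ldap.conf(5), nss_ldap(5) and pam_ldap(5) man pages; extend as needed.
OPENLDAP = {"base", "binddn", "deref", "host", "port", "uri", "referrals",
            "sizelimit", "timelimit", "timeout", "network_timeout",
            "tls_cacert", "tls_cacertdir", "tls_cert", "tls_key",
            "tls_cipher_suite", "tls_reqcert", "tls_crlcheck"}
NSS_PAM = {"base", "uri", "host", "port", "ldap_version", "binddn", "bindpw",
           "rootbinddn", "scope", "timelimit", "bind_timelimit", "bind_policy",
           "idle_timelimit", "ssl", "tls_checkpeer", "tls_cacertfile",
           "tls_cacertdir", "tls_ciphers", "tls_cert", "tls_key",
           "pam_password", "pam_filter", "pam_login_attribute"}

# Directives from the post; elided values are kept exactly as posted.
SAMPLE = """\
base dc=...
URI ldaps://<fqdn of ldap server>/
ldap_version 3
rootbinddn cn=...
bind_policy soft
pam_password md5
TLS_REQCERT yes
TLS_CACERT /usr/lib/ssl/certs/<ca>.chain.crt
"""

def directives(text):
    """Return lowercased directive names in file order, skipping blanks and comments."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.append(line.split(None, 1)[0].lower())
    return names

def audit(text):
    """Group each directive by which consumer's man page lists it."""
    report = {"both": [], "openldap_only": [], "nss_pam_only": [], "unknown": []}
    for name in directives(text):
        in_openldap, in_nss_pam = name in OPENLDAP, name in NSS_PAM
        if in_openldap and in_nss_pam:
            bucket = "both"
        elif in_openldap:
            bucket = "openldap_only"
        else:
            bucket = "nss_pam_only" if in_nss_pam else "unknown"
        report[bucket].append(name)
    return report

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket:14} {', '.join(names) or '-'}")
```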