c0re nr1c0re@gmail.com writes:
# making clientkey
openssl genrsa -out client.key 2048
# making certificate request
openssl req -new -key client.key -out client.csr
# signing
openssl x509 -req -days 1024 -CA ../ssl/rootcrt.pem -CAkey ../ssl/rootkey.pem -in client.csr -out client.crt -CAserial ../ssl/root.seq

# configuring on client
TLS_CACERT /usr/local/etc/openldap/ssl-client/rootcrt.pem
TLS_CERT /usr/local/etc/openldap/ssl-client/client.crt
and
TLS_KEY /usr/local/etc/openldap/ssl-client/client.key

Trying again with slapd debug and client calling "id test"
[...]

As there are no obvious errors in the log, you should get TLS working properly prior to testing with pam. Just do an ldapsearch or an ldapwhoami, either on URI ldaps:// or with startTLS on ldap://

-Dieter
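
One way to run the check suggested in the reply, as an added example that is not part of the original thread: it first confirms that client.crt chains to rootcrt.pem and that client.key belongs to it, then tests StartTLS and ldaps:// with ldapwhoami, leaving PAM out of the picture. The file names are the ones from the post; the host name, the function names and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example: certificate pre-flight plus a TLS test without PAM.
SSL_DIR=${SSL_DIR:-/usr/local/etc/openldap/ssl-client}   # path from the post
LDAP_HOST=${LDAP_HOST:-ldap.example.com}                 # assumption: placeholder host

# 0 if the client certificate verifies against the CA certificate.
cert_chains_to_ca() {    # $1 = CA cert, $2 = client cert
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# 0 if the private key belongs to the certificate (public keys are identical).
key_matches_cert() {     # $1 = client cert, $2 = client key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all file-level checks on a directory laid out as in the post.
tls_preflight() {        # $1 = directory with rootcrt.pem, client.crt, client.key
    cert_chains_to_ca "$1/rootcrt.pem" "$1/client.crt" ||
        { echo "client.crt does not verify against rootcrt.pem"; return 1; }
    key_matches_cert "$1/client.crt" "$1/client.key" ||
        { echo "client.key does not match client.crt"; return 1; }
    openssl x509 -in "$1/client.crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "client.crt has expired"; return 1; }
    echo "certificate files look consistent"
}

# Anonymous simple bind over StartTLS (-ZZ fails if TLS cannot be negotiated),
# then over ldaps://. The LDAPTLS_* variables are the environment forms of the
# TLS_CACERT / TLS_CERT / TLS_KEY options; ldap.conf(5) lists TLS_CERT and
# TLS_KEY as user-only options, so they are passed explicitly here.
test_ldap_tls() {
    export LDAPTLS_CACERT="$SSL_DIR/rootcrt.pem"
    export LDAPTLS_CERT="$SSL_DIR/client.crt"
    export LDAPTLS_KEY="$SSL_DIR/client.key"
    ldapwhoami -x -ZZ -H "ldap://$LDAP_HOST" || return 1
    ldapwhoami -x -H "ldaps://$LDAP_HOST"
}

# Only touch the real files and the network when asked to: sh tlscheck.sh run
if [ "${1:-}" = "run" ]; then
    tls_preflight "$SSL_DIR" && test_ldap_tls
fi
```

If the pre-flight passes but ldapwhoami still fails, adding `-d 1` to the ldapwhoami call shows the client side of the TLS handshake.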