[Techtalk] problems setting up TLS with openldap

Wim De Smet kromagg at gmail.com
Tue Nov 6 21:18:44 UTC 2007


Hi,

I've been playing around with openldap and some debian/ubuntu clients,
trying to get it to do TLS authentication. On the server I seem to
have everything set up correctly. I've created some self-signed
certificates, set them in the config file, set permissions etc.
However, on the client I'm running into some problems when logging in.

I've got it configured to use TLS as follows:
ssl start_tls
tls_checkpeer yes
tls_cacertfile [...]

This "works" as it allows me to login, however libnss-ldap seems to be
having trouble with it. It doesn't really need to be using TLS as I'm
only requiring this for authentication, but since the config file is
shared (on ubuntu) I don't have much choice, though I could try
splitting it by specifying it somewhere. In any case, once logged in
home dir information etc. is not available and simple commands like
"whoami" fail. Output in /var/log/auth.log goes like:
Nov  6 21:54:30 timmy -bash: nss_ldap: reconnecting to LDAP server...
Nov  6 21:54:31 timmy -bash: nss_ldap: reconnecting to LDAP server
(sleeping 1 seconds)...
Nov  6 21:54:32 timmy -bash: nss_ldap: could not search LDAP server -
Server is unavailable
Nov  6 21:54:32 timmy id: nss_ldap: reconnecting to LDAP server...
Nov  6 21:54:32 timmy id: nss_ldap: reconnecting to LDAP server
(sleeping 1 seconds)...
Nov  6 21:54:33 timmy id: nss_ldap: could not search LDAP server -
Server is unavailable

And so on and so on. Anyone have any experience with this? Any ideas?

greets,
Wim
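An added checklist script for the client-side configuration described above (not part of the original post, and not from the openldap or libnss-ldap projects): it reads an ldap.conf-style file, confirms that `ssl`, `tls_checkpeer` and `tls_cacertfile` are set consistently, and checks that the CA file exists, is readable by unprivileged users (nss_ldap runs inside every user's own process, so a root-only CA file is a classic way to get "Server is unavailable" from nss_ldap while root or pam_ldap still works) and parses as a PEM certificate when openssl is installed. The function names `ldap_conf_get` and `check_ldap_tls_conf` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Constructed example: sanity-check the TLS directives in a shared
# /etc/ldap.conf (read by both pam_ldap and libnss-ldap on Debian/Ubuntu).
# Hypothetical helper, not from openldap, libnss-ldap or the mailing-list post.

# Print the value of a directive (case-insensitive key, first match wins).
ldap_conf_get() {
  # $1 = config file, $2 = directive name
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Returns 0 when the TLS directives look usable by an unprivileged
# nss_ldap client, 1 otherwise; prints each finding to stdout.
check_ldap_tls_conf() {
  conf="$1"
  rc=0

  ssl=$(ldap_conf_get "$conf" ssl)
  case "$ssl" in
    start_tls|on) echo "ok: ssl $ssl" ;;
    *) echo "warn: ssl is '$ssl' (expected start_tls or on)"; rc=1 ;;
  esac

  checkpeer=$(ldap_conf_get "$conf" tls_checkpeer)
  if [ "$checkpeer" = "yes" ]; then
    cafile=$(ldap_conf_get "$conf" tls_cacertfile)
    if [ -z "$cafile" ]; then
      echo "error: tls_checkpeer yes but no tls_cacertfile set"; rc=1
    elif [ ! -f "$cafile" ]; then
      echo "error: tls_cacertfile $cafile does not exist"; rc=1
    else
      # nss_ldap runs inside the calling user's process, so the CA file
      # must be readable by that user, not only by root.
      perms=$(stat -c %a "$cafile" 2>/dev/null || stat -f %Lp "$cafile")
      case "$perms" in
        *[4567]) echo "ok: $cafile is world-readable (mode $perms)" ;;
        *) echo "error: $cafile is not world-readable (mode $perms)"; rc=1 ;;
      esac
      # Optional: confirm the file really is a PEM certificate.
      if command -v openssl >/dev/null 2>&1; then
        if openssl x509 -in "$cafile" -noout >/dev/null 2>&1; then
          echo "ok: $cafile parses as a PEM certificate"
        else
          echo "error: $cafile is not a PEM certificate"; rc=1
        fi
      fi
    fi
  fi
  return $rc
}

# Usage: check_ldap_tls_conf /etc/ldap.conf
```

Run it as the unprivileged user whose `whoami` fails, not as root, so the readability check reflects what nss_ldap actually sees; a non-zero exit points at the directive to fix before going on to check the handshake itself with `ldapsearch -ZZ` against the server.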

