I configured the CA and server certificate so that the directory works over TLS (StartTLS on port 389).
Checking with ldapsearch on both the server and the client (note: on the client this only proves the StartTLS handshake completes — with `TLS_REQCERT allow` the server certificate is not verified, so it does not validate the CA setup):
ldapsearch -D "cn=directory manager" -w password-p 389 -h gpu.example.com -b "dc=example,dc=com " -s sub -x -ZZ "(objectclass=* )"
extended LDIF
#
# LDAPv3
# base <dc=example,dc=com > with scope subtree
# filter: (objectclass=* )
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
Note that the search above returned no entries at all (`numResponses: 1` is only the result message; there is no `numEntries` line), so even once TLS works the base DN / data under dc=example,dc=com needs checking. When I run `getent passwd` on the client, nslcd logs the following. nslcd does not take its TLS settings from /etc/openldap/ldap.conf but from its own /etc/nslcd.conf (`ssl start_tls`, `tls_cacertdir`/`tls_cacertfile`, `tls_reqcert`), which is not shown here; and the client's cacerts directory is empty (see below), so there is no CA certificate for it to verify the server against — most likely the cause of the `ldap_start_tls_s() failed: Connect error` lines:
Nov 19 19:47:21 localhost nslcd[1489]: [edbdab] failed to bind to LDAP server ldap://gpu.example.com: Connect error
Nov 19 19:47:21 localhost nslcd[1489]: [edbdab] no available LDAP server found
Nov 19 19:48:39 localhost nslcd[1489]: [838cb2] ldap_start_tls_s() failed: Connect error (uri="ldap://gpu.example.com")
Nov 19 19:48:39 localhost nslcd[1489]: [838cb2] failed to bind to LDAP server ldap://gpu.example.com: Connect error
Nov 19 19:48:39 localhost nslcd[1489]: [838cb2] no available LDAP server found
Nov 19 19:49:30 localhost nslcd[1489]: [53d0cd] ldap_start_tls_s() failed: Connect error (uri="ldap://gpu.example.com")
Nov 19 19:49:30 localhost nslcd[1489]: [53d0cd] failed to bind to LDAP server ldap://gpu.example.com: Connect error
Nov 19 19:49:30 localhost nslcd[1489]: [53d0cd] no available LDAP server found
Nov 19 19:49:30 localhost nslcd[1489]: [53d0cd] no available LDAP server found
Nov 19 19:50:01 localhost nslcd[1489]: [03e0c6] ldap_start_tls_s() failed: Connect error (uri="ldap://gpu.example.com")
Nov 19 19:50:01 localhost nslcd[1489]: [03e0c6] failed to bind to LDAP server ldap://gpu.example.com: Connect error
Nov 19 19:50:01 localhost nslcd[1489]: [03e0c6] no available LDAP server found
Nov 19 19:50:01 localhost nslcd[1489]: [03e0c6] no available LDAP server found
[root@gpu-client ~]# ll /etc/openldap/cacerts
total 0
[root@gpu-client ~]# ll /etc/openldap/ldap.conf
-rw-r--r--. 1 root root 316 Nov 19 19:53 /etc/openldap/ldap.conf
[root@gpu-client ~]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
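URI ldap://gpu.example.com
BASE dc=example,dc=com
# This directory must contain the CA certificate that signed gpu.example.com's
# server certificate, in hashed form (run `openssl rehash /etc/openldap/cacerts`
# or `c_rehash`), or point TLS_CACERT at the PEM file instead. The `ll` above
# shows it is currently empty, so nothing can be verified.
TLS_CACERTDIR /etc/openldap/cacerts
# 'allow' accepts any (or no) server certificate: the StartTLS session can be
# intercepted by anyone on the path and the "successful" ldapsearch proves
# nothing about the CA. Once the CA cert is installed, require verification.
# (nslcd has its own tls_reqcert / tls_cacertdir in /etc/nslcd.conf; set those too.)
TLS_REQCERT demand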
[root@gpu-client ~]#