I've set up postfix in a chroot environment and have copied the necessary
files (not all though) into the chroot directory.


I've been able to do a smtp auth using sasl through pam, but when I turn on
the TLS option, this error appear:
May 9 21:06:17 thunderbolt postfix/smtpd[2714]: pam_ldap: ldap_starttls_s:
Connect error May 9 21:06:17 thunderbolt postfix/smtpd[2714]:
warning: thunderbolt.testing.com[192.168.1.7]: SASL LOGIN authentication
failed


I've already copied the right certificate and that certificate has been used
for other pam usage, such as login, etc. So from my deduction, there
shouldn't be any mistake about the hostname in the cert not matching the one
I'm about to connect to (in /etc/ldap.conf and
/var/spool/postfix/etc/ldap.conf, I've stated the ldap server is at
thunderbolt.testing.com).


There should be other thing that I had forgotten? Is it any library files
that I've not copied?


Thank you

If you say you stated "host thunderbolt.testing.com" in your ldpa.conf, can you recheck you *made* your certificate for "thunderbolt.testing.com"?

Yes, I did. In fact, when I do telnet/su etc (as long as it's not chrooted), it works.

In chroot, I've copied the relevant certificates:
CA's cert, site's cert and site's key.

I'm sorry. It's my own mistake. I feel like slapping myself

I mistook the CA certificate for the site's certificate and mixed up the whole thing. I did a whole reinstall of my linux box