Hello again,
I made a mistake in the above post. In 1-5, about 'LDAP Authentication', describing the /etc/ldap.conf modification, I wrote:
> You don't need to have the 'tls_cacertfile' line. The system will find the CA certificate by itself as long as you put it in the standard certificate folder (/etc/ssl/certs/).
It turned out you actually NEED the 'tls_cacertfile' line. So you have to add 2 lines to /etc/ldap.conf to use TLS-enabled libnss_ldap.
ssl start_tls
tls_cacertfile /etc/ssl/certs/cacert.pem
Sorry about the mess.