
I am trying to set up an OpenLDAP passthrough authentication to another server.

When I do testsaslauthd with simple ldap:// the test works fine. When I try with ldaps:// it fails.

ldap_simple_bind() failed -1 (Can't contact LDAP server)

I can telnet to the ldaps port of the server so there isn't a case of the server being unavailable or my firewall blocking something...

Any clues?

Cobra Kai Dojo

1 Answer


Ok. It was a problem with the certificates. While testsaslauthd gave no useful output for debugging (no matter how much I tried to get more info) ldapsearch gave me a hint.

So. Ensure that in /etc/openldap/ldap.conf the certificate directory entry exists

TLS_CACERTDIR /etc/openldap/certs

and also download the certificate from the ldap server (the part starting from the begin tag and ending at the end tag) and save it in a file in the above directory with

openssl s_client -showcerts -connect ldap.server.com:636
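As an added example (not part of the original answer), the steps above as a POSIX shell script: it pulls the chain with openssl s_client, keeps the last PEM block the server sent (the issuing CA rather than the server's own leaf certificate), stores it under TLS_CACERTDIR and then re-checks the connection against that directory. It assumes an OpenLDAP client linked against OpenSSL, where a TLS_CACERTDIR is scanned by subject-hash filename (<hash>.0), so the file is renamed accordingly instead of being saved under an arbitrary name; on distributions whose OpenLDAP was built against Mozilla NSS, /etc/openldap/certs is an NSS database instead and certutil, not a PEM file, is the way in. The host and port arguments are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an OpenSSL-linked
# OpenLDAP client (TLS_CACERTDIR is then scanned by subject-hash filename,
# <hash>.0, which is why the file is renamed below) and `openssl` in PATH.
set -eu

# Number of PEM certificate blocks in `openssl s_client -showcerts` output on stdin.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Print only the N-th PEM block (1 = the server's leaf certificate; the last
# block is the top of the chain the server sent, i.e. the CA worth trusting).
extract_cert() {
    awk -v want="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == want { print }
        /-----END CERTIFICATE-----/ && n == want { exit }'
}

# Download the chain once; stdin is closed so s_client exits after the handshake.
fetch_chain() {   # fetch_chain HOST PORT
    openssl s_client -showcerts -connect "$1:$2" </dev/null 2>/dev/null
}

# Copy a PEM file into the CA directory under the subject-hash name that
# OpenSSL's CApath lookup (and therefore libldap) expects; prints the new path.
install_ca() {    # install_ca cert.pem /etc/openldap/certs
    hash=$(openssl x509 -noout -subject_hash -in "$1")
    cp "$1" "$2/$hash.0"
    echo "$2/$hash.0"
}

# Confirm that verification now succeeds the way ldapsearch/saslauthd will see it.
verify_ldaps() {  # verify_ldaps HOST PORT /etc/openldap/certs
    openssl s_client -connect "$1:$2" -CApath "$3" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh fix-ldaps-ca.sh ldap.server.com 636 [/etc/openldap/certs]
if [ "$#" -ge 2 ]; then
    host=$1; port=$2; cadir=${3:-/etc/openldap/certs}
    chain=$(fetch_chain "$host" "$port")
    n=$(printf '%s\n' "$chain" | count_certs)
    [ "$n" -gt 0 ] || { echo "no certificate received from $host:$port" >&2; exit 1; }
    tmp=$(mktemp)
    printf '%s\n' "$chain" | extract_cert "$n" > "$tmp"
    installed=$(install_ca "$tmp" "$cadir")
    rm -f "$tmp"
    if verify_ldaps "$host" "$port" "$cadir"; then
        echo "ldaps://$host:$port verifies using $installed"
    else
        echo "ldaps://$host:$port still fails to verify; check the chain and hostname" >&2
        exit 1
    fi
fi
```

The final verify_ldaps step is the useful check: if openssl already reports a non-zero verify return code against the directory, ldapsearch and saslauthd will fail the same way, and the cause is visible (wrong block saved, hostname mismatch, expired certificate) instead of the bare "Can't contact LDAP server".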

Cobra Kai Dojo