Hi Elizabeth, I have been trying to reproduce this (nslcd 0.9.7-1, slapd 2.4.40+dfsg- 1+deb8u2).
I have not been able to reproduce this when not using SSL and the following nslcd.conf also works without problems for me: uid nslcd gid nslcd uri ldaps://192.168.12.1/ base dc=thuis,dc=net tls_reqcert never tls_cacertfile /etc/ssl/certs/ca-certificates.crt reconnect_invalidate passwd,group This leaves the following settings (mostly client-side certificates) which I haven't tested yet: sasl_mech EXTERNAL tls_reqcert demand tls_cacertfile /etc/ssl/certs/cacert.pem tls_key /etc/ssl/private/alakazam_ldap.key tls_cert /etc/ssl/certs/alakazam_ldap.pem Now setting up CA infra for my test environment to see if I can reproduce this but it is a bit of a pain to integrate this into my scripts. Having a backtrace would be very helpful. Thanks, -- -- arthur - adej...@debian.org - https://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part