Thanks a lot for the help, bitlord, I highly appreciate it.
I replaced my pam.conf file with the one you provided, and made some modifications to my ldapclient parameters to match yours.
However, I still can't ssh with LDAP users, or su to an LDAP user with a non-root user. id $ldap_user is still working fine.
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=Manager,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxxxx
NS_LDAP_SERVERS= arbue-ldapserver
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=example,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=example,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=example,dc=com
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:tls:simple
NS_LDAP_HOST_CERTPATH= /var/ldap
# ldaplist -l passwd test_username
dn: cn=test username,ou=People,dc=example,dc=com
cn: test username
givenName: test username
gidNumber: 1001
homeDirectory: /home/users/test_username
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: test_username
userPassword: {crypt}$1$xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
uidNumber: 2002
And I'm receiving this error in the OpenLDAP server log:
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 fd=76 ACCEPT from IP=10.10.10.10:54897 (IP=0.0.0.0:389)
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=0 SRCH base="ou=People,dc=example,dc=com" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=test_username))"
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=1 UNBIND
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 fd=76 closed
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3889 fd=76 ACCEPT from IP=10.10.10.10:54900 (IP=0.0.0.0:636)
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3889 fd=76 closed (TLS negotiation failure)
Any hint?
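An added example, not part of the original post: a small Python script that groups the slapd log lines quoted above by their conn= id and reports, per connection, the listener port, the operations seen, the result codes and the close reason. The function names are hypothetical; the sample lines are the ones from the post.

```python
import re
from collections import OrderedDict

# Log lines taken from the post above.
SAMPLE_LOG = """\
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 fd=76 ACCEPT from IP=10.10.10.10:54897 (IP=0.0.0.0:389)
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=0 SRCH base="ou=People,dc=example,dc=com" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=test_username))"
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 op=1 UNBIND
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3888 fd=76 closed
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3889 fd=76 ACCEPT from IP=10.10.10.10:54900 (IP=0.0.0.0:636)
Aug 16 14:19:48 ldapserver slapd[24675]: conn=3889 fd=76 closed (TLS negotiation failure)
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
OP = re.compile(r"^op=(\d+) ")
RESULT = re.compile(r"RESULT tag=\d+ err=(\d+)")
CLOSED = re.compile(r"closed(?: \((.+)\))?$")


def summarize(log_text):
    """Group slapd log lines by connection id."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        cid, rest = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"client": None, "port": None,
                                   "ops": set(), "errs": [], "closed": None})
        if (a := ACCEPT.search(rest)):
            c["client"], c["port"] = a.group(1), int(a.group(2))
        if (o := OP.match(rest)):
            c["ops"].add(int(o.group(1)))
        if (r := RESULT.search(rest)):
            c["errs"].append(int(r.group(1)))
        if (x := CLOSED.search(rest)):
            c["closed"] = x.group(1) or "normal"
    return conns


def tls_failures(conns):
    """Connection ids whose close reason is a TLS negotiation failure."""
    return [cid for cid, c in conns.items()
            if c["closed"] and "TLS negotiation failure" in c["closed"]]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for cid, c in summary.items():
        print(cid, c["client"], "port", c["port"], "ops", sorted(c["ops"]),
              "errs", c["errs"], "closed:", c["closed"])
    print("TLS handshake failures:", tls_failures(summary))
```

On these lines it shows conn=3888 completing its search on port 389, while conn=3889 on port 636 closes during the TLS handshake with no LDAP operation logged.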