Ssl – LDAP over SSL/TLS working for everything but login on Ubuntu

Tags: authentication, ldap, ssl, tls

I have gotten OpenLDAP with SSL working on a test box with a signed certificate. I can use an LDAP tool on a Windows box to view the LDAP over SSL (port 636). But when I run dpkg-reconfigure ldap-auth-config to set up my local login to use ldaps, my login under a username in the directory doesn't work. If I change the config to use just plain ldap (port 389) it works just fine (I can log in under a username in the directory). When it's set up for ldaps, auth.log shows:

Sep  5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Sep  5 13:48:27 boromir sshd[13453]: pam_ldap: reconnecting to LDAP server...
Sep  5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server

I will provide whatever is needed. I'm not sure what else to include.

Best Answer

I suspect you're using "ldaps://server/" for your URI when you need something like "ldaps://server:636/".

Without specifying the port, it's going to try TLS over port 389.
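A small diagnostic that narrows down a "Can't contact LDAP server" from pam_ldap, added here as an illustration (it is not code from the question or the answer). It reads the `uri`, `ssl`, `tls_checkpeer` and `tls_cacertfile` lines from a pam_ldap-style ldap.conf, reports which host and port the client will actually target and whether that port was written explicitly, flags the mismatches that typically produce this symptom, and then attempts a TCP connect plus TLS handshake against that port so that a refused connection (wrong port or no listener) can be told apart from a certificate-verification failure. The sample configuration, hostname and CA path are constructed placeholders, and the assumption that ldap-auth-config writes these keys to /etc/ldap.conf is the author's, not something stated in the thread.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample of the relevant lines of a pam_ldap/nss_ldap ldap.conf.
# Hostname and CA path are placeholders, not values from the original post.
SAMPLE_LDAP_CONF = """\
# /etc/ldap.conf (assumed location written by ldap-auth-config)
base dc=example,dc=org
uri ldaps://ldap.example.org/
ldap_version 3
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_conf(text):
    """Return key -> value for the non-comment 'key value' lines of an ldap.conf."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def describe_uri(uri):
    """Split an ldap:// or ldaps:// URI and say whether the port was given explicitly."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URI: %r" % uri)
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port if parts.port is not None else DEFAULT_PORTS[scheme],
        "explicit_port": parts.port is not None,
    }


def analyse(conf_text):
    """Static checks: which endpoint will be used and which settings look inconsistent."""
    conf = parse_ldap_conf(conf_text)
    info = describe_uri(conf.get("uri", ""))
    warnings = []
    if info["scheme"] == "ldaps" and not info["explicit_port"]:
        warnings.append("ldaps URI has no explicit port; write ldaps://%s:636/ to remove doubt"
                        % info["host"])
    if conf.get("ssl", "").lower() == "on" and info["scheme"] != "ldaps":
        warnings.append("'ssl on' with a plain ldap:// URI: client will try TLS on port %d"
                        % info["port"])
    if conf.get("tls_checkpeer", "").lower() == "yes" and "tls_cacertfile" not in conf:
        warnings.append("tls_checkpeer yes but no tls_cacertfile: certificate cannot be verified")
    return {"uri": info, "cafile": conf.get("tls_cacertfile"), "warnings": warnings}


def tls_probe(host, port, cafile=None, timeout=5.0):
    """TCP connect + TLS handshake, classified so a wrong port and a bad cert look different."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"status": "ok", "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:      # listener reached, certificate rejected
        return {"status": "cert_error", "detail": str(exc)}
    except ssl.SSLError as exc:                      # listener reached, but not speaking TLS
        return {"status": "handshake_error", "detail": str(exc)}
    except OSError as exc:                           # refused, timed out, unresolved host
        return {"status": "connect_error", "detail": str(exc)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LDAP_CONF)
    u = report["uri"]
    print("target: %s://%s:%d (port explicit: %s)" % (u["scheme"], u["host"], u["port"],
                                                     u["explicit_port"]))
    for w in report["warnings"]:
        print("warning:", w)
    # Network probe against the placeholder host; expect connect_error offline.
    print(tls_probe(u["host"], u["port"], cafile=None, timeout=2.0))
```

Run it on the real /etc/ldap.conf by replacing SAMPLE_LDAP_CONF with the file contents; a "connect_error" against port 636 means nothing is listening where pam_ldap will look, while "cert_error" means the port is right and the CA file or certificate name is what needs attention.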