Comment 28 for bug 64301

Emu (email-eziegler) wrote :

SOLVED in Ubuntu Lucid: use 'libnss-ldapd' and 'libpam-ldapd' (note the 'd' at the end of the packages) together with the 'nslcd' package (note the 'l' in the middle).

This allows setting the user and group that the 'nslcd' daemon runs as in '/etc/nslcd.conf'. I set the group from 'nslcd' to 'ssl-cert' and made sure that the key file can be read by that group.

My '/etc/nslcd.conf' reads as follows:

# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid ssl-cert

# The location at which the LDAP server(s) should be reachable.
uri ldap://<put server address here>

# The search base that will be used for all queries.
base <put LDAP base here>

# The LDAP protocol version to use.
ldap_version 3

# SSL options
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ca-local.cert.pem
tls_cert /etc/ssl/certs/client.cert.pem
tls_key /etc/ssl/private/client.key.pem
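The setup above works because the key under '/etc/ssl/private' becomes readable to the group nslcd runs as; the thing worth verifying afterwards is that it is readable only by that group and not by everyone. The following POSIX shell check is an added example, not part of the bug report or of the nslcd package: it takes a key path and an optional expected group name (the 'ssl-cert' group is assumed from the comment above) and reports whether the file is group-readable, not world-accessible, and owned by that group.

```shell
#!/bin/sh
# Added example: verify permissions on a TLS client key that a daemon such as
# nslcd must read via its group (e.g. 'gid ssl-cert' in /etc/nslcd.conf).
# Parses 'ls -l' rather than 'stat' so it runs on both GNU and BSD userlands.

# key_mode_ok FILE [GROUP]
#   returns 0 when FILE is a regular file, the group has read access, the
#   'other' permission bits are all clear, and (if GROUP is given) the file's
#   group owner is GROUP; returns 1 otherwise.
key_mode_ok() {
    file="$1"
    want_group="$2"
    [ -f "$file" ] || return 1

    line=$(ls -ld "$file")
    perm=$(printf '%s\n' "$line" | cut -c1-10)       # e.g. -rw-r-----
    group=$(printf '%s\n' "$line" | awk '{print $4}') # group owner column
    group_read=$(printf '%s\n' "$perm" | cut -c5)
    other_bits=$(printf '%s\n' "$perm" | cut -c8-10)

    [ "$group_read" = "r" ] || return 1   # daemon's group cannot read the key
    [ "$other_bits" = "---" ] || return 1 # key must not be world-accessible
    if [ -n "$want_group" ]; then
        [ "$group" = "$want_group" ] || return 1
    fi
    return 0
}

# Usage on a real system (assumed paths/group from the comment above):
#   key_mode_ok /etc/ssl/private/client.key.pem ssl-cert && echo "key perms ok"
```

A result of 1 after the 'ssl-cert' change usually means the key was left at mode 0600 (group cannot read it, so nslcd fails at TLS setup) or was loosened to 0644 (every local user can read the client key); 0640 with group 'ssl-cert' is the state the comment describes.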