For several versions of ESX I've used LDAP authentication to tie in authentication to my directory tree (NOT Active Directory). In version 4.1.0, I'm having a very hard time getting it working. I run the following command:
esxcfg-auth --enableldap --enableldapauth --ldapserver=edirectory1.my.domain --enableldaptls --ldapbasedn=dc=it,dc=my,dc=domain
which configures the ldap.conf files correctly and seems to enable everything. After doing this, I can log in via SSH and can see the users under the Add Permissions section of the VI Client, but I cannot log on using LDAP users in the VI Client. The error is invalid login, and, in /var/log/messages, I see the following:
Jan 27 12:49:20 esx2 /usr/lib/vmware/bin/vmware-hostd[3410]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR): Can't contact LDAP server
Jan 27 12:49:20 esx2 /usr/lib/vmware/bin/vmware-hostd[3410]: pam_ldap: _set_ssl_default_options failed
Jan 27 12:49:20 esx2 /usr/lib/vmware/bin/vmware-hostd[3410]: pam_ldap: ldap_starttls_s: Not Supported
Any ideas what I'm doing wrong? I've tried changing the config file from TLS (ssl start_tls) to traditional SSL (ssl on), but that just generates different errors. It also seems to be only vmware-hostd that has this issue - sshd works fine with LDAP authentication, and all of the command-line utils recognize the users.
Thanks,
Nick
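Added example (not part of Nick's post, and not VMware or pam_ldap code): a small offline linter for the pam_ldap/nss_ldap style ldap.conf that esxcfg-auth writes, checking the TLS directives that the logged errors point at (ssl mode, uri scheme, tls_cacertdir/tls_cacertfile, tls_checkpeer). The sample configuration below is constructed; only the hostname and base DN come from the post, and the `/etc/openldap/cacerts` path is an assumed placeholder. File-system checks are injected as callbacks so the checker can be exercised without touching a real host.

```python
"""Lint a pam_ldap/nss_ldap style ldap.conf for its TLS settings.

Added example; not from the original post. Assumes the standard pam_ldap
directives uri/host, ssl, tls_cacertdir, tls_cacertfile and tls_checkpeer.
"""
import os
from urllib.parse import urlsplit

# Constructed sample resembling the configuration described in the post.
# The cacerts path is an assumed placeholder, not taken from the post.
SAMPLE_CONF = """\
# ldap.conf written by esxcfg-auth (constructed sample)
host edirectory1.my.domain
base dc=it,dc=my,dc=domain
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
pam_password exop
"""


def parse_ldap_conf(text):
    """Return {directive: value}; directives are lowercased, comments and
    blank lines are skipped, and a repeated directive keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_tls_config(conf, path_exists=os.path.isdir, file_exists=os.path.isfile):
    """Return a list of human-readable findings about the TLS setup."""
    findings = []
    mode = conf.get("ssl", "off").lower()
    uri = conf.get("uri", "").split()
    scheme = urlsplit(uri[0]).scheme.lower() if uri else ""

    if mode not in ("off", "no", "on", "yes", "start_tls"):
        return [f"unknown ssl mode '{mode}'"]
    if mode in ("off", "no"):
        return ["TLS disabled: bind credentials cross the network in clear text"]

    # Transport consistency: start_tls upgrades a plain ldap:// session,
    # whereas 'ssl on' expects a native ldaps:// (port 636) endpoint.
    if mode == "start_tls" and scheme == "ldaps":
        findings.append("ssl start_tls combined with an ldaps:// uri; use ldap:// for StartTLS")
    if mode in ("on", "yes") and scheme == "ldap":
        findings.append("ssl on combined with an ldap:// uri; use ldaps:// for native TLS")

    cacertdir = conf.get("tls_cacertdir")
    cacertfile = conf.get("tls_cacertfile")
    checkpeer = conf.get("tls_checkpeer")
    if checkpeer is None:
        findings.append("tls_checkpeer not set; set it to yes so the server certificate is verified")
        verify = True
    else:
        verify = checkpeer.lower() in ("yes", "true", "hard")
        if not verify:
            findings.append("tls_checkpeer is off: server certificate is not verified (MITM risk)")

    # The LDAP_OPT_X_TLS_CACERTDIR option can only be honoured if the
    # directory actually exists and is readable by the authenticating process.
    if verify and not (cacertdir or cacertfile):
        findings.append("tls_checkpeer is on but no tls_cacertdir/tls_cacertfile is set: "
                        "server certificate cannot be verified")
    if cacertdir and not path_exists(cacertdir):
        findings.append(f"tls_cacertdir {cacertdir} is missing or not a directory")
    if cacertfile and not file_exists(cacertfile):
        findings.append(f"tls_cacertfile {cacertfile} is missing")
    return findings


if __name__ == "__main__":
    for finding in check_tls_config(parse_ldap_conf(SAMPLE_CONF)):
        print("-", finding)
```

Run it against the real `/etc/ldap.conf` by reading the file into `parse_ldap_conf`; because `check_tls_config` only reports what the directives say, it is a sanity check of the configuration and not a substitute for testing the actual StartTLS handshake from the same account the daemon runs under.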