Edit the file /etc/openldap/ldap.conf:
URI ldap://$FQDN_OF_SERVER/ (has to be the same FQDN as in the certificate)
BASE dc=mydomain,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
Now edit the /etc/nsswitch.conf file to tell Linux where to get the login information from:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
After that, run the command authconfig-gtk
Select:
User Account Database: ldap
LDAP base search DN: dc=domain,dc=com
LDAP server: FQDN of the LDAP server
Check the box “Use TLS encryption”
Add the correct URL which points to the ladpcertificate.pem file. Normally this file is located on a web server (https://internal.webserver.com/ladpcertificate.pem).
Authentication configuration: ldap
If you want a home directory to be created automatically for a new user, go to the Advanced tab and check the box “Create Home directories on first login”.
Reboot.
Now you are done with the authentication part.
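
To double-check the two files edited above before relying on them, here is a small Python check. It is an added example, not part of the original how-to. The hostname ldap.mydomain.com and the sample file contents are constructed, and TLS_REQCERT is a standard ldap.conf(5) option that this page does not set.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample inputs mirroring the files edited above (hostname is made up).
LDAP_CONF = "URI ldap://ldap.mydomain.com/\nBASE dc=mydomain,dc=com\nTLS_CACERTDIR /etc/openldap/cacerts\n"
NSSWITCH = "passwd: files sss ldap\nshadow: files sss ldap\ngroup: files sss ldap\n"

def parse(text, sep=None):
    """Parse 'KEY value' (ldap.conf) or 'db: sources' (nsswitch.conf) lines."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(sep, 1)
        out[parts[0].strip().upper()] = parts[1].strip() if len(parts) > 1 else ""
    return out

def lint(ldap_conf, nsswitch):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    conf = parse(ldap_conf)
    for uri in conf.get("URI", "").split() or [""]:
        u = urlparse(uri)
        host = u.hostname or ""
        if u.scheme not in ("ldap", "ldaps") or not host:
            findings.append(f"URI {uri!r} is not a usable ldap:// or ldaps:// URI")
            continue
        try:
            ipaddress.ip_address(host)
            findings.append(f"URI host {host} is an IP address, not the certificate FQDN")
        except ValueError:
            if "." not in host:
                findings.append(f"URI host {host} is a short name, not an FQDN")
    if not (conf.get("TLS_CACERTDIR") or conf.get("TLS_CACERT")):
        findings.append("no TLS_CACERTDIR/TLS_CACERT: server certificate cannot be verified")
    if conf.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT is set so that a bad server certificate is accepted")
    ns = parse(nsswitch, ":")
    for db in ("PASSWD", "SHADOW", "GROUP"):
        sources = ns.get(db, "").split()
        if sources[:1] != ["files"]:
            findings.append(f"{db.lower()}: local 'files' is not the first source")
        if not {"sss", "ldap"} & set(sources):
            findings.append(f"{db.lower()}: no sss/ldap source configured")
    return findings

if __name__ == "__main__":
    print(lint(LDAP_CONF, NSSWITCH) or "no findings")
```

On a real client, pass the contents of /etc/openldap/ldap.conf and /etc/nsswitch.conf to lint() instead of the constructed samples.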