Thanks everyone for the useful responses. I've documented this topic
here:
http://www.harrysufehmi.com/phpwiki/index.php/OpenLDAPinteroperability#ol-to-ad
However, I still have one problem with it: slurpd failed to replicate
with the following error message:
"TLS certificate verification: Error, unable to get local issuer
certificate"
More details are attached to this post.
The following are the relevant parts of my slapd.conf:
=======================
# TLS settings for this slapd (certificate, private key, CA file)
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /etc/keys/openldap1-server-crt.pem
TLSCertificateKeyFile /etc/keys/private/openldap1-server-key.pem
TLSCACertificateFile /etc/keys/cacert.pem
TLSVerifyClient allow
# replication target (the AD server), reached over LDAPS;
# continuation lines of a replica directive must start with whitespace
replica uri=ldaps://10.11.20.13:636
        binddn="cn=administrator,cn=users,dc=bcc,dc=test"
        bindmethod=sasl saslmech=GSSAPI
replogfile /usr/local/openldap/var/openldap-replog
=======================
The CA certificate is in /etc/keys/cacert.pem, with 644 permissions.
According to various sources on the Internet, that error message means
that slurpd wasn't able to find the CA certificate.
However:
# it's in the right location
# it's got the right permission
# I'm quite sure that it's the right certificate, extracted from the
Certificate Authority
I'm fresh out of ideas at the moment, so I'd really appreciate it if
anyone can throw some more clues in my direction.
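The check a practitioner would run before touching slapd.conf again is to make the TLS library's verification step reproducible outside slurpd: take the certificate the replica actually presents on port 636 and validate it against the exact file named in TLSCACertificateFile. "unable to get local issuer certificate" is OpenSSL's wording for "the certificate I was handed claims an issuer that is not in the CA file", which is a different condition from a wrong path or permission. The script below is an added example written for this page; it is not the poster's code and not part of OpenLDAP. The host, port and file paths are assumptions taken from the post, and the PKI built by make_demo_pki is constructed so the good and bad cases can be shown offline.

```sh
#!/bin/sh
# Added example, not from the original post: reproduce with plain openssl the
# verification step that fails with "unable to get local issuer certificate".
# Host, port and file paths are assumptions; make_demo_pki builds a constructed
# PKI so the script runs without any LDAP server.

# Issuer DN of a certificate, "issuer=" prefix stripped.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# Subject DN of a certificate, "subject=" prefix stripped.
cert_subject() {
    openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'
}

# Cheap by-name check: does cert $1 even claim to be issued by CA $2?
# A mismatch here usually means the wrong CA file (or a missing intermediate).
issuer_matches_ca() {
    [ "$(cert_issuer "$1")" = "$(cert_subject "$2")" ]
}

# Real chain validation of cert $1 against CA file $2 (signature, CA bit, dates),
# i.e. what the TLS library does before it accepts the replica's certificate.
verify_against_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Same validation, returning OpenSSL's own diagnostic so the reason is visible;
# with the wrong CA this contains "unable to get local issuer certificate".
verify_error_text() {
    openssl verify -CAfile "$2" "$1" 2>&1
}

# Pull every certificate a live LDAPS server presents (needs network access,
# e.g. 10.11.20.13 636). Printing the whole chain, not just the leaf, shows
# whether an intermediate CA also has to be in TLSCACertificateFile.
fetch_server_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# End-to-end: validate a live server with the exact CA file from slapd.conf.
# Success is "Verify return code: 0 (ok)"; anything else names the real problem.
check_live_server() {
    openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null \
        | grep 'Verify return code'
}

# Constructed demo PKI in directory $1: a root CA, a server cert it signed,
# and an unrelated CA. A private config keeps the result independent of the
# system openssl.cnf.
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Demo Root CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1
    openssl req -x509 -config "$d/ca.cnf" -subj '/CN=Unrelated CA' -newkey rsa:2048 \
        -nodes -days 1 -keyout "$d/other.key" -out "$d/other.pem" >/dev/null 2>&1
    openssl req -new -config "$d/ca.cnf" -subj '/CN=replica.bcc.test' -newkey rsa:2048 \
        -nodes -keyout "$d/srv.key" -out "$d/srv.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/srv.pem" >/dev/null 2>&1
}

# Stand-alone demo: "sh thisfile.sh demo" prints the good and the bad case.
demo_main() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "right CA:"; verify_error_text "$d/srv.pem" "$d/ca.pem"
    echo "wrong CA:"; verify_error_text "$d/srv.pem" "$d/other.pem"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo_main; fi
```

Against the real replica the sequence is `fetch_server_chain 10.11.20.13 636 > replica.pem`, then `issuer_matches_ca replica.pem /etc/keys/cacert.pem` and `check_live_server 10.11.20.13 636 /etc/keys/cacert.pem`. If the issuer DN of the leaf is not the subject DN of the certificate in cacert.pem, the file is not the issuer, however correct its path and mode are; a Windows CA hierarchy with an issuing sub-CA needs that intermediate certificate in the same file as the root, since OpenSSL must be able to find every issuer up to a trusted root.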