I am finally able to get a working LDAP setup with my LetsEncrypt certificates.
The link that helped me tremendously is the Loga.us blog. I followed most of the instructions except for the replication piece. This Archlinux page also gave me what I needed to fix the issue I was having.
I have been trying to set up OpenLDAP and Kerberos on my server for several days now. OpenLDAP is somewhat working, since I am able to log in via normal clients; however, I am stuck with Heimdal.
Actually, at first I went with the MIT version of Kerberos, but after I read somewhere that it wasn't a good idea I went with Heimdal instead. This is where the trouble started. It seems like when I installed Heimdal, it did not completely remove MIT, so I was left with a mess. It keeps giving me an error that the KDC could not be reached, but I checked the firewall, NAT seems to be working, and netstat shows the server ports open as well. It must be the DNS. Restarted the DHCP server and client, no go. Searching the web, I then found out that I had set the default hostname in my kernel; is this it? Right now it's set to my domain name. I am now updating my kernel to check this hypothesis.
I finally was able to recompile the kernel, and it seems like the default hostname was a red herring. So I kept digging and found out that Kerberos is really very sensitive to bad DNS configuration. I read somewhere that I need to set up split-DNS in order for it to work. So off I went to the pfSense documentation. And after I set it up: bingo!
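The DNS checks that the post's "KDC could not be reached" hunt boils down to, as an added example that is not part of the original post and not from Heimdal, MIT or pfSense: a Kerberos client resolves the KDC hostname to an address (with split-DNS that must be the LAN address, not the public NAT address) and, when reverse-DNS canonicalization is enabled, maps that address back to a name that must agree with the forward name, otherwise it requests a service principal for the wrong host. The script checks both conditions and, optionally, whether TCP port 88 answers. The hostname `kdc.example.internal`, the LAN range `192.168.1.0/24` and the fake resolver tables are assumptions constructed for the example; the resolver functions are injectable so the checks run offline.

```python
"""Diagnose the DNS conditions a Kerberos client needs to find its KDC.

Example code, not from the post or from any Kerberos implementation.
The hostnames and addresses below are constructed for illustration.
"""
import ipaddress
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Optional

KDC_PORT = 88  # default KDC port for both MIT Kerberos and Heimdal


@dataclass
class KdcDnsReport:
    hostname: str
    forward_ip: Optional[str] = None
    reverse_name: Optional[str] = None
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def _system_forward(name: str) -> str:
    """Forward lookup via the OS resolver (raises OSError on failure)."""
    return socket.gethostbyname(name)


def _system_reverse(ip: str) -> str:
    """Reverse (PTR) lookup via the OS resolver (raises OSError on failure)."""
    return socket.gethostbyaddr(ip)[0]


def check_kdc_dns(
    hostname: str,
    lan_network: str,
    forward: Callable[[str], str] = _system_forward,
    reverse: Callable[[str], str] = _system_reverse,
) -> KdcDnsReport:
    """Check forward resolution, LAN placement and forward/reverse agreement.

    lan_network is the range internal clients should see the KDC in; a
    result outside it means the client got the public (NAT) address, which
    is exactly what a split-DNS override on the firewall is meant to fix.
    """
    report = KdcDnsReport(hostname=hostname)
    try:
        ip = forward(hostname)
    except OSError as exc:
        report.problems.append(f"forward lookup of {hostname} failed: {exc}")
        return report
    report.forward_ip = ip

    if ipaddress.ip_address(ip) not in ipaddress.ip_network(lan_network):
        report.problems.append(
            f"{hostname} resolves to {ip}, outside {lan_network}: clients are "
            "getting the public/NAT address, so a split-DNS override is missing"
        )

    try:
        rname = reverse(ip)
    except OSError as exc:
        report.problems.append(f"reverse lookup of {ip} failed: {exc}")
        return report
    report.reverse_name = rname

    # Clients that canonicalize via reverse DNS will ask the KDC for
    # host/<reverse name>@REALM, so the PTR must point back at the same name.
    if rname.rstrip(".").lower() != hostname.rstrip(".").lower():
        report.problems.append(
            f"reverse of {ip} is {rname}, not {hostname}: service principal "
            f"lookups would canonicalize to host/{rname}"
        )
    return report


def kdc_port_open(ip: str, port: int = KDC_PORT, timeout: float = 2.0) -> bool:
    """Return True if something accepts a TCP connection on the KDC port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed resolver tables standing in for a LAN with (and without) split-DNS.
FAKE_FORWARD = {
    "kdc.example.internal": "192.168.1.10",  # what split-DNS should answer
    "kdc.example.public": "203.0.113.5",     # what public DNS answers
}
FAKE_REVERSE = {
    "192.168.1.10": "kdc.example.internal",
    "203.0.113.5": "www.example.public",     # PTR of the shared public address
}


def fake_forward(name: str) -> str:
    if name not in FAKE_FORWARD:
        raise socket.gaierror(f"no A record for {name}")
    return FAKE_FORWARD[name]


def fake_reverse(ip: str) -> str:
    if ip not in FAKE_REVERSE:
        raise socket.herror(f"no PTR record for {ip}")
    return FAKE_REVERSE[ip]


if __name__ == "__main__":
    for host in ("kdc.example.internal", "kdc.example.public", "kdc.missing"):
        r = check_kdc_dns(host, "192.168.1.0/24", fake_forward, fake_reverse)
        print(host, "OK" if r.ok else r.problems)
```

Against a live setup, call `check_kdc_dns("<kdc hostname>", "<lan range>")` with the default resolvers from a LAN client; a report that is clean on the server but not on a client points at the resolver the client is using, which is where the split-DNS override belongs.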