FR is able to bind with the LDAP server only if require_cert is set to "never", which makes me believe this is a certificate verification issue.
I tried to do a manual connect using openssl using
openssl s_client -connect ldap.example.org:636 -CAfile /usr/local/etc/raddb/certs/ca.example.org.pem -debug
which shows a Verify return code: 0 (ok)
Module is being called at the sites-enabled/default:
authorize {
....
-ldap_xxxxx
....
}
BTW: Why the "-" before the module name?
TIA