
cannot make it working with google workspace

Open ut0mt8 opened this issue 2 years ago • 7 comments

Hi there,

I followed the configuration here: https://support.google.com/a/answer/9089736?hl=en#zippy=%2Copenldap-ldapsearch-linux%2Copenvpn-community-version

My conf is:

<LDAP>
    URL             ldaps://ldap.google.com:636
    Timeout         15
    TLSEnable       no
    FollowReferrals yes
    TLSCACertDir    /etc/ssl/certs
    TLSCertFile     /etc/openvpn/keys/ldap-client.crt
    TLSKeyFile      /etc/openvpn/keys/ldap-client.key
</LDAP>

<Authorization>
    BaseDN          "dc=mycorp,dc=com"
    SearchFilter    "(uid=%u)"
    RequireGroup    false
</Authorization>

With the plugin configured in OpenVPN I get a common error:

LDAP search failed: Can't contact LDAP server ((unknown error code))

Though using ldapsearch it worked well. I ended up using a shell script like this, but this is not very satisfying:

#!/bin/bash

export LDAPTLS_CIPHER_SUITE='NORMAL:!VERS-TLS1.3'
export LDAPTLS_CERT=/etc/openvpn/keys/ldap-client.crt
export LDAPTLS_KEY=/etc/openvpn/keys/ldap-client.key

# OpenVPN (auth-user-pass-verify ... via-file) hands us a file with the
# username on line 1 and the password on line 2.
readarray -t lines < "$1"

name=${lines[0]}
pass=${lines[1]}

base='dc=corp,dc=com'
host='ldaps://ldap.google.com'

# The username is interpolated into an LDAP filter below, so refuse anything
# that is not a plain account name (empty, or containing filter metacharacters).
case "$name" in
  ''|*[!A-Za-z0-9._@-]*) echo "ko"; exit 1 ;;
esac

# Step 1: resolve the user's DN using the client certificate for the search.
dn=$(ldapsearch -LLL -H "$host" -b "$base" "(&(objectclass=posixAccount)(uid=$name))" dn 2>/dev/null | grep '^dn:' | sed 's/^dn: //')

# An empty DN would turn the bind below into an anonymous/unauthenticated bind.
[ -n "$dn" ] || { echo "ko"; exit 1; }

# Step 2: simple bind as that DN with the supplied password; a successful
# search means the credentials are valid. Note that -w exposes the password
# in the process list for the duration of the call.
if ldapsearch -LLL -x -D "$dn" -w "$pass" -H "$host" -b "$base" -s sub "(uid=$name)" mail > /dev/null 2>&1; then
  echo "ok"
  exit 0
else
  echo "ko"
  exit 1
fi

ut0mt8, Feb 16 '22 13:02
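The workaround script above splices the username straight into an LDAP search filter. The helpers below, an added example that is neither the issue author's code nor part of openvpn-auth-ldap, show the two defensive pieces such a via-file verifier needs: RFC 4515 filter escaping and an allow-list check on the username read from the via-file. The via-file layout (username on line 1, password on line 2) follows OpenVPN's documented auth-user-pass-verify behaviour; the `posixAccount`/`uid` filter shape is taken from the script in the issue; the allow-list of permitted characters and the `demo` function with its constructed via-file are assumptions for illustration, not anything from the page.

```shell
#!/bin/sh
# Added example (not from the issue or the openvpn-auth-ldap project): helpers
# for an OpenVPN "auth-user-pass-verify ... via-file" script that queries LDAP.

# Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
# backslash, asterisk and parentheses become \5c, \2a, \28 and \29.
# The backslash is handled first so later substitutions are not re-escaped.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                         -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' \
                         -e 's/)/\\29/g'
}

# Build the DN lookup filter for a username, with the value escaped.
build_filter() {
  printf '(&(objectclass=posixAccount)(uid=%s))' "$(ldap_escape "$1")"
}

# Read the username (line 1) from a via-file. Rejects an empty name and any
# character outside a conservative allow-list (assumed policy, adjust to the
# directory's naming rules). Prints the username on success, returns 1 otherwise.
read_username() {
  name=$(sed -n '1p' "$1")
  case "$name" in
    '') return 1 ;;
    *[![:alnum:]._@-]*) return 1 ;;
  esac
  printf '%s' "$name"
}

# Demo: constructed via-file with a fake username/password (not real
# credentials), run through the allow-list check and into a filter.
demo() {
  tmp=$(mktemp)
  printf 'alice\nnot-a-real-password\n' > "$tmp"
  user=$(read_username "$tmp") || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
  build_filter "$user"
}
```

Escaping and the allow-list are deliberately both present: the allow-list rejects anything unexpected early (and gives a clean "ko" rather than a directory error), while `ldap_escape` keeps the filter well-formed even if the allow-list is later widened to names that contain filter metacharacters.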