I have a bit of a problem. 3 months ago we deployed a Zentyal DC at my workplace because it was a good way of authenticating Windows, Linux and Mac against the same server. I got authentication on Windows working like a charm. The Ubuntu clients I authenticated via LDAP, and they worked fine, but I ran into a problem with the next OS.
On our CentOS clients I first tried implementing the same LDAP configs as on our Ubuntu clients. I then tried authenticating with Winbind and Kerberos. Yay, that worked, but a big problem occurred. When I ran getent passwd, I found out that the UID and GID are not matching up with the Zentyal DC, which means that when I NFS-mount the home folders, the users don't have permission to go into them, because the home folders have the Zentyal DC's UID and GID. I researched it and it had something to do with idmaps. I tried some different approaches, but gave up in the end.
This is why I think I should try LDAP again, since it worked on the Ubuntu clients. So my question now is: how do I configure a CentOS 6-7 machine to authenticate against a Zentyal DC via LDAP?
My ldap.conf on the Ubuntu machine looks like this:
base dc=mosek,dc=zentyal
uri ldap://172.16.0.5:390
ldap_version 3
binddn cn=zentyalro,dc=mosek,dc=zentyal
bindpw secretpasswd
scope sub
bind_policy soft
pam_password md5
nss_base_passwd ou=Users,dc=mosek,dc=zentyal?one
nss_base_passwd ou=Computers,dc=mosek,dc=zentyal?one
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq$
How do I convert this config into something that CentOS can use?
Things I have done so far:
Ran authconfig-tui and set it up for LDAP.
/etc/openldap/ldap.conf and /etc/ldap.conf on the CentOS client:
TLS_CACERTDIR /etc/openldap/cacerts
SASL_NOCANON on
URI ldap://172.16.0.5:390
BASE dc=mosek,dc=zentyal
/etc/nsswitch.conf on the CentOS client:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
Running the command ldapsearch -D "uid=tomas,ou=Users,dc=mosek,dc=zentyal" -Z -LLL -W uid=tomas gives this output:
ldap_start_tls: Protocol error (2)
additional info: unsupported extended operation
Enter LDAP Password:
dn: uid=tomas,ou=Users,dc=mosek,dc=zentyal
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: systemQuotas
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: shadowAccount
objectClass: zentyalSambaLink
uid: tomas
loginShell: /bin/bash
gidNumber: 1901
homeDirectory: /home/tomas
krb5PrincipalName: tomas@MOSEK.ZENTYAL
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
uidNumber: 3000044
....
Rebooted the client, but there is still no user named tomas when running the command id tomas.
EDIT:
I edited my /etc/nslcd.conf to look like this:
# The user and group nslcd should run as.
uid nslcd
gid ldap
uri ldap://172.16.0.5:390
ldap_version 3
base dc=mosek,dc=zentyal
binddn cn=zentyalro,dc=mosek,dc=zentyal
bindpw secretpassword
# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com
# The default search scope.
scope sub
# nslcd does not understand the nss_ldap-style "?one" suffix on a base;
# the per-map search scope is given on its own "scope MAP" line instead.
base group ou=Groups,dc=mosek,dc=zentyal
scope group one
base passwd ou=Users,dc=mosek,dc=zentyal
scope passwd one
Still no users.
EDIT:
I tried running nslcd in debug mode and got this:
[root@centosy ~]# nslcd -d
nslcd: DEBUG: add_uri(ldap://172.16.0.5:390)
nslcd: version 0.8.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",55) done
nslcd: DEBUG: setgid(55) done
nslcd: DEBUG: setuid(65) done
nslcd: accepting connections
After the last line it just gets stuck, so it never picks up the LDAP server.
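A small check for the UID/GID mismatch behind the NFS home-folder permission problem described in the post, added here as an example and not part of the original question: it parses ldapsearch-style LDIF and getent passwd output and reports every user whose client-side IDs differ from the directory's posixAccount values. The LDIF and getent lines are constructed samples (the user anna and the client-side IDs are made up).

```python
import re

# Constructed sample in the shape of the ldapsearch output above (anna is made up).
LDIF_SAMPLE = """dn: uid=tomas,ou=Users,dc=mosek,dc=zentyal
objectClass: posixAccount
uid: tomas
gidNumber: 1901
homeDirectory: /home/tomas
uidNumber: 3000044

dn: uid=anna,ou=Users,dc=mosek,dc=zentyal
objectClass: posixAccount
uid: anna
gidNumber: 1901
homeDirectory: /home/anna
uidNumber: 3000045
"""
# Constructed getent passwd output from a client whose winbind idmap allocated
# its own IDs for tomas (the situation described in the post).
GETENT_SAMPLE = """tomas:*:10001:10000:tomas:/home/tomas:/bin/bash
anna:*:3000045:1901:anna:/home/anna:/bin/bash
"""

def parse_ldif(text):
    """Map uid -> (uidNumber, gidNumber) for every posixAccount entry."""
    users = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                attrs.setdefault(key.strip(), []).append(value.strip())
        if "posixAccount" in attrs.get("objectClass", []) and "uid" in attrs:
            users[attrs["uid"][0]] = (int(attrs["uidNumber"][0]),
                                      int(attrs["gidNumber"][0]))
    return users

def parse_getent(text):
    """Map name -> (uid, gid) from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4:
            users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def find_id_mismatches(ldif_text, getent_text):
    """Return {name: (directory_ids, client_ids)} for users the client resolves
    to different IDs than the directory; client_ids is None if unresolved."""
    ldap_ids, local_ids = parse_ldif(ldif_text), parse_getent(getent_text)
    return {n: (ids, local_ids.get(n)) for n, ids in ldap_ids.items()
            if local_ids.get(n) != ids}
```

Feed it real ldapsearch and getent passwd output and any user it lists will be unable to enter an NFS-exported home directory owned by the directory's uidNumber/gidNumber.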