Mike Conner via FreeIPA-users wrote:
> The certificate for the AD secure LDAP server is also current (ad.domain.edu:636).
It would only be binding to IPA for ipa-getkeytab. I don't know how sssd invokes it.
But you should be able to see a failed TLS connection in the 389-ds logs which could help point the way.
rob