On Tue, 2011-11-22 at 10:14 -0500, sssd help wrote:
Thanks for the response Jakub,
I meant to update this last night. In my testing I installed
openldap-clients and attempted to do manual ldap searches. LDAPS
lookups were failing but LDAP lookups were fine. I noticed that our
RHEL6 machines were running a different version of openldap than our
6.1 machines. RHEL6 was running openldap-2.4.19 and RHEL6.1 was
running openldap-2.4.34. That turned out to be the issue. I rolled
back the version of openldap and SSSD 1.5.1-34 started working
brilliantly.
I don't know if this is a known issue or not. It doesn't seem like a
problem with SSSD, seems more like a problem with openldap, and
there's a slight chance it is a custom package because this is
actually Oracle Enterprise Linux 6.1 (aka rebranded RHEL6.1).
Sorry to make added noise in the mailing list but at least this will
be on the tubes if anyone else runs into this issue.

RHEL 6.0 shipped with a copy of openldap that was linked against
openssl. The version in RHEL 6.1 is now linked against Mozilla NSS (for
certification reasons). There were a few bugs with certificate
validation in early versions of 6.1, but I believe they were fixed in
either the final release or errata. I'm not sure if OEL's version
carries those fixes or not.