Hi guys!
Is there any way I can force my SSSD clients running 1.9.5 (Ubuntu 12.04)
and 1.9.2 (CentOS 6) to bind to LDAPs (port 636) instead of LDAP (port 389)
when my providers are all set to "ad"?
Consequently, I'll need to specify a certificate to be used to verify the
server's authenticity.
I'm using service discovery and have SRV records in place on my domain
controllers.
Here's my config:
[sssd]
config_file_version = 2
debug_level = 0
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = DOMAIN
[pam]
debug_level = 0
[nss]
debug_level = 0
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
reconnection_retries = 3
[domain/DOMAIN]
debug_level = 0
ad_domain = DOMAIN.local
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
enumerate = true
cache_credentials = true
fallback_homedir = /home/%u
dyndns_update = true
dyndns_update_ptr = true
ldap_schema = ad
ldap_id_mapping = true
Thanks!
-Chris