On Sat, Nov 05, 2016 at 12:14:14AM +0100, Michael Ströder wrote:
> Hi!
>
> With sssd-ldap I always prefer to use LDAPS for encrypted LDAP connections
> especially because I can seamlessly mix it with LDAPI (for accessing local slapd
> replica).
>
> This works with 1.13.x but not with 1.14.2.
>
> Although the domain debug log shows
>
>   Option ldap_id_use_start_tls is FALSE
>
> the syslog shows:
>
>   sssd[be[AE-DIR]]: Could not start TLS encryption. unknown error
>
> Switching sssd.conf to use StartTLS everything works (CA cert ok etc.) but
> that's not what I want (because LDAPI precludes using StartTLS).

Which platform do you use? Maybe it is related to
https://fedorahosted.org/sssd/ticket/3189 ?
HTH
bye,
Sumit