Sumit Bose wrote:
> On Sat, Nov 05, 2016 at 12:14:14AM +0100, Michael Ströder wrote:
>> With sssd-ldap I always prefer to use LDAPS for encrypted LDAP connections
>> especially because I can seamlessly mix it with LDAPI (for accessing local
>> slapd replica).
>> This works with 1.13.x but not with 1.14.2.
>> Although the domain debug log shows
>> Option ldap_id_use_start_tls is FALSE
>> the syslog shows:
>> sssd[be[AE-DIR]]: Could not start TLS encryption. unknown error
>>
>> Switching sssd.conf to use StartTLS everything works (CA cert ok etc.) but
>> that's not what I want (because LDAPI precludes using StartTLS).
>
> Which platform do you use,
I'm using openSUSE Tumbleweed where libldap 2.4.44 is linked against OpenSSL 1.0.2j.
> maybe it is related to
> https://fedorahosted.org/sssd/ticket/3189 ?
Maybe yes, but I cannot tell for sure.
I tested libldap + openssl (on debian) and I could not reproduce bug #3189.
I could only reproduce with libldap + gnutls.
If you want you can test patch