[SSSD-users] Re: 1.14.2 insists on using StartTLS

Sumit Bose wrote: > On Sat, Nov 05, 2016 at 12:14:14AM +0100, Michael Ströder wrote: >> With sssd-ldap I always prefer to use LDAPS for encrypted LDAP connections >> especially because I can seamlessly mix it with LDAPI (for accessing local >> slapd replica). >> This works with 1.13.x but not with 1.14.2. >> Although the domain debug log shows >> Option ldap_id_use_start_tls is FALSE >> the syslog shows: >> sssd[be[AE-DIR]]: Could not start TLS encryption. unknown error >> >> Switching sssd.conf to use StartTLS everything works (CA cert ok etc.) but >> that's not what I want (because LDAPI precludes using StartTLS). > > Which platform do you use, I'm using openSUSE Tumbleweed where libldap 2.4.44 is linked against OpenSSL 1.0.2j. > maybe it is realted to > https://fedorahosted.org/sssd/ticket/3189 ? Maybe yes, but I cannot tell for sure.