I'm trying to set up openldap + pam + sssd and everything seems to be
working except sssd is not able to use TLS to communicate with
my ldap server.
When I use ldap_auth_disable_tls_never_use_in_production=True,
everything works.
Here are the relevant log messages:
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [TLS error -8157:Certificate extension not found.]
There's not much to be found on Google, except this promising
RHKB entry that requires a subscription to see the solution:
https://access.redhat.com/solutions/185883
Can someone tell me what this error is supposed to be telling me
about what's wrong with my certificate?
Chris