[SSSD-users] Re: Force LDAP SSL

I'm trying to force SSSD to only communicate encrypted, because of company rules. I think i'm missing something: SSSD configured with: id_provider = ad and DNS service resolution is enabled (default) I have tried about every combination of: ldap_id_use_start_tls = true ldap_service_port = 636 ldap_tls_reqcert = allow in sssd.conf [domain] section. However, I can see SSSD LDAP connection over port 389. # netstat -tanp | grep sssd_be tcp 0 0 172.16.5.202:53520 172.16.1.241:389 ESTABLISHED 18080/sssd_be Have I just missed something? Do I need to pull the certificates from AD to make it work. I'm not really interested in verifying the certificates but only ensuring an encrypted channel.