I'm trying to set up openldap + pam + sssd and everything seems to be
working except sssd is not able to use TLS to communicate with my ldap
server.
When I use ldap_auth_disable_tls_never_use_in_production=True,
everything works.
Here are the relevant log messages:
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
(Mon Jun 22 10:50:04 2015) [sssd[be[default]]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [TLS error -8157:Certificate extension not found.]
There's not much to be found on Google, except this promising RHKB entry
that requires a subscription to see the solution.
https://access.redhat.com/solutions/185883
Can someone tell me what this error is supposed to be telling me about
what's wrong with my certificate?
Chris