HI!
With sssd-ldap I always prefer to use LDAPS for encrypted LDAP connections
especially because I can seamlessly mix it with LDAPI (for accessing local slapd
replica).
This works with 1.13.x but not with 1.14.2.
Although the domain debug log shows
Option ldap_id_use_start_tls is FALSE
the syslog shows:
sssd[be[AE-DIR]]: Could not start TLS encryption. unknown error
Switching sssd.conf to use StartTLS everything works (CA cert ok etc.) but
that's not what I want (because LDAPI precludes using StartTLS).
Ciao, Michael.
Attachments:
- smime.p7s
(application/pkcs7-signature — 3.7 KB)
Show replies by thread