Hello,

Is it possible to force LDAPS instead of LDAP when connecting to the client's AD domain in a trust situation?

I'm sure that the _ldaps SRV must be added to AD (AD doesn't have one by default). It's not clear, though, whether I can make SSSD request the _ldaps SRV record. I tried setting 'ldap_dns_service_name=ldaps' in sssd.conf but tcpdump shows only _ldap SRV record requests still. I think that option affects only the IPA server connection, not AD.

Thanks in advance,
Erik

--
Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project