Is it possible to force LDAPS instead of LDAP when connecting to the
client's AD domain in a trust situation?

I'm sure that the _ldaps SRV must be added to AD (AD doesn't have one
by default).

It's not clear, though, whether I can make SSSD request the _ldaps SRV
record.  I tried setting 'ldap_dns_service_name=ldaps' in sssd.conf
but tcpdump shows only _ldap SRV record requests still.  I think that
option affects only the IPA server connection, not AD.

Thanks in advance,
