Hi, I'm getting a weird behavior in LDAP with TLS.
Using: openldap, Linux Red Hat, sssd, nslcd.

When I issue an `ldapsearch -x ZZ`, it works flawlessly, but when I issue a `getent passwd`, I get back the system users in the /etc/passwd file but I don't see the LDAP users.

The openldap.log indicates the following when I issue the `getent passwd` command:

    connection_read(14): TLS accept failure error=-1 id=1037

But it does not give any errors when doing the `ldapsearch -x ZZ`. So, if I have TLS not correctly configured, shouldn't it not work completely?

Here's my sssd.conf:

    [domain/local]
    debug_level = 9
    ldap_id_use_start_tls = True
    cache_credentials = True
    ldap_search_base = dc=wh,dc=local
    id_provider = ldap
    auth_provider = ldap
    chpass_provider = ldap
    ldap_uri = ldap://127.0.0.1/
    ldap_tls_cacert = /certs/cacert.pem

    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = local

    [nss]
    [pam]
    [sudo]
    [autofs]
    [ssh]

Here's my nslcd.conf:

    uri ldap://127.0.0.1/
    base dc=wh,dc=local
    ssl start_tls
    tls_cacertfile /certs/cacert.pem
    tls_reqcert hard

Here's my /etc/openldap/ldap.conf:

    TLS_CACERT /certs/cacert.pem
    TLS_REQCERT hard
    URI ldap://127.0.0.1/
    BASE dc=wh,dc=local
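Since ldapsearch, sssd and nslcd each read their own TLS settings (ldap.conf, sssd.conf and nslcd.conf), they can disagree even when pointed at the same server. As an added example, not part of the original message, here is a small Python checker that reduces the three configurations quoted above (embedded as constructed copies) to the settings that must agree and reports inconsistencies; the IP-literal warning is a general caveat of strict certificate verification, not a diagnosis of this particular failure.

```python
import configparser, ipaddress
from urllib.parse import urlsplit

# Constructed copies of the three client configurations quoted in the post.
SSSD_CONF = ("[domain/local]\nldap_id_use_start_tls = True\nldap_uri = ldap://127.0.0.1/\n"
             "ldap_tls_cacert = /certs/cacert.pem\n")
NSLCD_CONF = ("uri ldap://127.0.0.1/\nbase dc=wh,dc=local\nssl start_tls\n"
              "tls_cacertfile /certs/cacert.pem\ntls_reqcert hard\n")
LDAP_CONF = "TLS_CACERT /certs/cacert.pem\nTLS_REQCERT hard\nURI ldap://127.0.0.1/\nBASE dc=wh,dc=local\n"

def parse_kv(text):  # 'KEY value' files (nslcd.conf, ldap.conf) -> dict with lower-cased keys
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            out[key.lower()] = value.strip()
    return out

def client_tls_settings(sssd_text, nslcd_text, ldap_text):  # the TLS knobs that must agree
    cp = configparser.ConfigParser()
    cp.read_string(sssd_text)
    dom = next(cp[s] for s in cp.sections() if s.startswith("domain/"))
    nslcd, ldap = parse_kv(nslcd_text), parse_kv(ldap_text)
    return {
        "sssd": {"uri": dom.get("ldap_uri"), "starttls": dom.get("ldap_id_use_start_tls", "").lower() == "true",
                 "cacert": dom.get("ldap_tls_cacert"), "reqcert": dom.get("ldap_tls_reqcert")},
        "nslcd": {"uri": nslcd.get("uri"), "starttls": nslcd.get("ssl") == "start_tls",
                  "cacert": nslcd.get("tls_cacertfile"), "reqcert": nslcd.get("tls_reqcert")},
        # ldapsearch decides StartTLS per invocation (-Z/-ZZ); ldap.conf only sets the cert policy.
        "ldapsearch": {"uri": ldap.get("uri"), "starttls": None,
                       "cacert": ldap.get("tls_cacert"), "reqcert": ldap.get("tls_reqcert")},
    }

def find_issues(clients):  # human-readable inconsistencies; empty list means the clients agree
    issues = []
    for name, c in clients.items():
        parts = urlsplit(c["uri"] or "")
        if c["starttls"] is False and parts.scheme == "ldap":
            issues.append(f"{name}: ldap:// without StartTLS, lookups go in clear text")
        try:  # strict verification (explicit, or the libldap/sssd default) against an IP literal
            ipaddress.ip_address(parts.hostname or "")
            if c["reqcert"] not in ("never", "allow", "try"):
                issues.append(f"{name}: verifies the cert against IP literal {parts.hostname}, "
                              "which must be present as a SAN iPAddress entry")
        except ValueError:
            pass
    for key in ("cacert", "reqcert"):  # only explicitly set values are compared
        vals = {c[key] for c in clients.values() if c[key]}
        if len(vals) > 1:
            issues.append(f"{key} differs across clients: {sorted(vals)}")
    return issues
```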
