--On Thursday, September 28, 2017 3:34 PM -0400 Robert Heller
<[email protected]> wrote:
Slapd is reporting TLS Negotiation failure when SSSD tries to connect to
it. For both port 389 (ldap:///) and 636 (ldaps:///). So I guess
something is wrong with slapd's TLS configuration -- it is failing to do
TLS Negotiation, either it is just not doing it or it is doing it wrong
(somehow). Unless SSSD is not configured properly.
You need to start with the following:
ldapwhoami -x -ZZ -H ldap://myhost:389 -D binddn -w
to test startTLS
and
ldapwhoami -x -H ldaps://myhost:636 -D binddn -w
to test without startTLS
If you can get those to work, then you can move on to SSSD.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
