Will these spit out useful error messages? If I just get "TLS Negotiation failure" it is not going to be helpful.
At Thu, 28 Sep 2017 12:29:19 -0700 Quanah Gibson-Mount <[email protected]> wrote: > > --On Thursday, September 28, 2017 3:34 PM -0400 Robert Heller > <[email protected]> wrote: > > > > Slapd is reporting TLS Negotiation failure when SSSD tries to connect to > > it. For both port 389 (ldap:///) and 636 (ldaps:///). So I guess > > something is wrong with slapd's TLS configuration -- it is failing to do > > TLS Negotiation, either it is just not doing it or it is doing it wrong > > (somehow). Unless SSSD is not configured properly. > > You need to start with the following: > > >> ldapwhoami -x -ZZ -H ldap://myhost:389 -D binddn -w > > to test startTLS > > and > > ldapwhoami -x -H ldaps://myhost:636 -D binddn -w > > to test without startTLS > > If you can get those to work, then you can move on to SSSD. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services [email protected] -- Webhosting Services
