On Fri, Aug 12, 2016 at 12:05:46PM -0400, Douglas Duckworth wrote:
> Clarification
>
> This works:
>
> ldapsearch -x -ZZ -H ldap://blah dc=blah-x uid=me -d3
>
> Again says expired certificate.
>
> I set ldap_uri = ldaps://blah, ldap://blah and ldap_tls_reqcert = never in
> sssd.conf but still failure.

To be honest I'm not sure if setting the tls_reqcert value to never only hides the trust issues or also expiration issues.

btw the ldapsearch is for ldap:// with TLS, but SSSD is asked for ldaps://, does sssd work with ldap:// only?

(if you need confidentiality for identity lookups you can set ldap_id_use_start_tls. For authentication, TLS will be tried automatically, SSSD doesn't support authentication over an unencrypted channel)
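
The settings discussed in this thread can be checked mechanically. The following is an added example, not part of the original message and not SSSD's own code: a small audit of an sssd.conf text that flags a relaxed ldap_tls_reqcert and plain ldap:// URIs used without ldap_id_use_start_tls. The domain name "example", the function name and the sample file are assumptions; the host "blah" is the placeholder from the thread.

```python
import configparser

# Constructed sample mirroring the settings quoted in the thread.
SAMPLE_CONF = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldaps://blah, ldap://blah
ldap_tls_reqcert = never
"""

# With these values a bad server certificate does not stop the connection.
WEAK_REQCERT = {"never", "allow"}


def audit_sssd_tls(conf_text):
    """Return (section, finding) tuples for weak LDAP TLS settings."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        opts = parser[section]
        # sssd-ldap(5) documents "hard" as the default for this option.
        reqcert = opts.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append((section, f"ldap_tls_reqcert = {reqcert}: "
                             "server certificate is not enforced"))
        # Documented default is false; only the literal "true" is accepted here.
        start_tls = opts.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        uris = [u.strip() for u in opts.get("ldap_uri", "").split(",") if u.strip()]
        for uri in uris:
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append((section, f"{uri}: identity lookups are not "
                                 "encrypted unless ldap_id_use_start_tls = true"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_sssd_tls(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```
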
