On (27/07/17 15:30), Tom Peterson wrote: >Hi All, > >First off thank you for all the hard work put into SSSD! It's been a great >piece of software to work with and seems like it has a configuration >setting for just about anything that can be thrown at it! > >We use SSSD at work and I've helped troubleshoot a few instances of >authenticating against an external LDAP server. I setup a little lab to >collect captures of some different config settings. My initial set is >around different TLS scenarios: > >https://support.cloudshark.org/kb/sssd-activedirectory-captures.html > It looks very good.
>All of the raw capture files can be downloaded after opening them by going >to 'Export -> Download File'. > >I'll be adding to this and have a few more scenarios in mind I want to >explore. If anyone has any feedback or suggestions on things they would >like to see please let me know!I Hoping someone finds this little >contribution of captures useful. > I would prefer if ldap_auth_disable_tls_never_use_in_production was not advertised. This option is intentionally hidden in all sssd documentation. BTW It is not required to use ldaps(636) because sssd use start_tls before each authentication even with ldap(389). And after enabling option ldap_id_use_start_tls it would be used even with id_provider and not jsut with auth_provider. >And once again, thank you for all the work put into SSSD! > Thank you :-) LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
