On Mon, Oct 02, 2017 at 11:01:14AM -0700, Jeff White wrote:
> I'm attempting to enable LDAP server TLS certificate validation with
> "ldap_tls_reqcert = demand". However, when I set that value to anything
> other than "never", sssd does not work. By that I mean sssd will start as
> normal but no ID lookups are successful and I see "Input/output error" in
> the log. This occurs regardless of what CA certificate chain I give it (via
> ldap_tls_cacert). I have even tried using a known working chain that I use
> to access yum repos which uses TLS certificates from the same CA as our
> Active Directory.
>
> Any ideas?

I usually find it easiest to debug TLS issues with ldapsearch -ZZZ (just make sure to set up the right environment variables to point to the same certs as sssd is using)
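
One way to set up the environment described in the reply above, as an added example that is not part of the original message: it reads the TLS options from an sssd.conf-style file and maps them to the OpenLDAP client variables LDAPTLS_CACERT, LDAPTLS_CACERTDIR and LDAPTLS_REQCERT. The helper function names, the sample hosts and the CA path are constructed, and a single domain section is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): reuse sssd's TLS settings for ldapsearch.
# Assumes a single [domain/...] section; helper names are hypothetical.

# Print the value of one "key = value" option (last occurrence wins).
sssd_opt() {  # usage: sssd_opt FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Emit LDAPTLS_* assignments matching sssd's trust settings, one per line.
sssd_tls_env() {  # usage: sssd_tls_env FILE
    cacert=$(sssd_opt "$1" ldap_tls_cacert)
    cacertdir=$(sssd_opt "$1" ldap_tls_cacertdir)
    reqcert=$(sssd_opt "$1" ldap_tls_reqcert)
    [ -z "$cacert" ] || echo "LDAPTLS_CACERT=$cacert"
    [ -z "$cacertdir" ] || echo "LDAPTLS_CACERTDIR=$cacertdir"
    # sssd defaults ldap_tls_reqcert to "hard" when the option is unset.
    echo "LDAPTLS_REQCERT=${reqcert:-hard}"
}

# StartTLS (-ZZ, must succeed) applies to ldap:// only; ldaps:// is already TLS.
starttls_flag() {  # usage: starttls_flag URI
    case $1 in ldaps://*) echo "" ;; *) echo "-ZZ" ;; esac
}

# Query the root DSE anonymously with sssd's settings; -d 1 shows the TLS trace.
sssd_tls_probe() {  # usage: sssd_tls_probe FILE
    uri=$(sssd_opt "$1" ldap_uri); uri=${uri%%,*}   # first server in the list
    (
        while IFS= read -r kv; do export "$kv"; done <<EOF
$(sssd_tls_env "$1")
EOF
        ldapsearch -x $(starttls_flag "$uri") -H "$uri" -b "" -s base -d 1
    )
}

# Constructed sample configuration, so the parsing can be run offline.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
[domain/example.test]
id_provider = ldap
ldap_uri = ldap://dc1.example.test, ldap://dc2.example.test
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/example-ca-chain.pem
EOF
sssd_tls_env "$SAMPLE"
```

Running `sssd_tls_probe /etc/sssd/sssd.conf` as root (the file is readable by root only) performs the same handshake with the same CA file and verification level that sssd is configured to use, so a certificate verification error in the trace points at the chain or the server name rather than at sssd itself.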
