LDAP is working fine. I can query with no problems using ldapsearch;
sssd just won't accept the exact same certificate.
--
Jeff White
HPC Systems Engineer
Information Technology Services - WSU
On 10/02/2017 11:07 AM, Jakub Hrozek wrote:
> On Mon, Oct 02, 2017 at 11:01:14AM -0700, Jeff White wrote:
>> I'm attempting to enable LDAP server TLS certificate validation with
>> "ldap_tls_reqcert = demand". However, when I set that value to anything
>> other than "never", sssd does not work. By that I mean sssd will start as
>> normal but no ID lookups are successful and I see "Input/output error" in
>> the log. This occurs regardless of what CA certificate chain I give it (via
>> ldap_tls_cacert). I have even tried using a known working chain that I use
>> to access yum repos which uses TLS certificates from the same CA as our
>> Active Directory.
>> Any ideas?
> I usually find it easiest to debug TLS issues with ldapsearch -ZZZ (just
> make sure to set up the right environment variables to point to the same
> certs as sssd is using)
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
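
Added example, not part of the thread and not sssd project code: a shell helper that reads the TLS options from an sssd.conf domain section and prints the matching ldapsearch invocation, with the OpenLDAP LDAPTLS_* environment variables set so ldapsearch validates against the same CA material as sssd. The domain name, hostnames and certificate path are constructed placeholders, and ldap_tls_reqcert is assumed to default to "hard" when unset, as sssd-ldap(5) documents.

```shell
#!/bin/sh
# Added example: turn sssd's TLS settings into an equivalent ldapsearch test.

# Print the value of KEY in the [domain/NAME] section of an sssd.conf file.
sssd_opt() {  # usage: sssd_opt CONF NAME KEY
    awk -v sect="[domain/$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); in_sect = ($0 == sect); next }
        in_sect && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print an ldapsearch command line that checks the server certificate with
# the same CA file/directory and the same strictness as the sssd domain.
sssd_ldapsearch_cmd() {  # usage: sssd_ldapsearch_cmd CONF NAME
    uri=$(sssd_opt "$1" "$2" ldap_uri)
    [ -n "$uri" ] || { echo "no ldap_uri in [domain/$2]" >&2; return 1; }
    uri=${uri%%,*}                      # ldap_uri may list several servers
    reqcert=$(sssd_opt "$1" "$2" ldap_tls_reqcert)
    env="LDAPTLS_REQCERT=${reqcert:-hard}"   # assumed default, see lead-in
    cacert=$(sssd_opt "$1" "$2" ldap_tls_cacert)
    cadir=$(sssd_opt "$1" "$2" ldap_tls_cacertdir)
    [ -z "$cacert" ] || env="$env LDAPTLS_CACERT=$cacert"
    [ -z "$cadir" ] || env="$env LDAPTLS_CACERTDIR=$cadir"
    case $uri in
        ldaps://*) tls= ;;              # TLS from the first byte, no StartTLS
        *)         tls=" -ZZ" ;;        # require StartTLS to succeed
    esac
    printf '%s ldapsearch%s -x -H %s -s base -b "" -d 1\n' "$env" "$tls" "$uri"
}

# Constructed sample config (hostnames and paths are placeholders).
demo_conf() {
    cat <<'EOF'
[sssd]
domains = example.com

[domain/example.com]
id_provider = ldap
# ldap_uri = ldap://old.example.com
ldap_uri = ldap://dc1.example.com, ldap://dc2.example.com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ad-chain.pem
EOF
}

conf=$(mktemp) && demo_conf > "$conf" && sssd_ldapsearch_cmd "$conf" example.com; rm -f "$conf"
```

Environment variables take precedence over ldap.conf, so a plain ldapsearch that succeeds may be trusting a different CA bundle than the one named in ldap_tls_cacert; running the printed command removes that difference.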