Jakub Hrozek wrote:
> AD uses referrals quite aggressively and at the same time, the
> referral handling in openldap is not super-fast. I don't know exactly
> why the referrals would cause a TLS failure, I suspect some of the
> servers an entry referred to were simply not reachable from your
> client.
>
> btw disabling referrals is also suggested in our upstream
> documentation:
> https://docs.pagure.org/SSSD.sssd/users/ldap_with_ad.html

Yes, in general client-side chasing of LDAPv3 referrals does not make sense. AFAICS the referrals returned by MS AD are of no use for sssd.

Wouldn't pointing SSSD to global catalog port make more sense? Depending on the client-side attribute mapping this might need tweaking of the attribute set replicated to global catalog though.

Ciao, Michael.
