On (26/01/21 12:56), Todor Petkov wrote:
>Hello,
>
>I am trying to configure SSSD on Ubuntu 20.04 against 389-DS server with
>self-signed certificate. Upon starting sssd, I get this message in
>/var/log/syslog :
>Could not start TLS encryption. Key usage violation in certificate has been
>detected
>
>
>I tried adding the following lines in the domain section of sssd.conf, but to
>no avail:
>certificate_verification = no_verification
>ldap_tls_reqcert = allow
>
>Can someone advise, how can I turn certificate check off? SSSD version is
>2.2.3-3ubuntu0.2
>
I would recommend validating even a self-signed certificate.
You needn't rely on the system trust chain.
man sssd-ldap says:

    ldap_tls_cacert (string)
        Specifies the file that contains certificates for all of the
        Certificate Authorities that sssd will recognize.

        Default: use OpenLDAP defaults, typically in
        /etc/openldap/ldap.conf

LS
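
What the suggestion above looks like in sssd.conf, as an added example that is not part of the original thread. The domain name, server URI, search base and CA file path are placeholders assumed for illustration; the option names are those documented in sssd.conf(5) and sssd-ldap(5).

```ini
# /etc/sssd/sssd.conf (constructed example; names and paths are placeholders)
[sssd]
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ds.example.com
ldap_search_base = dc=example,dc=com

# Use StartTLS on the identity connection as well.
ldap_id_use_start_tls = true

# Trust the 389-DS self-signed certificate (or the CA that issued it)
# explicitly instead of relying on the system trust store.
ldap_tls_cacert = /etc/sssd/389ds-ca.pem

# Keep verification on. The question tried the weaker
#   ldap_tls_reqcert = allow
# which lets the session continue when the certificate is bad.
ldap_tls_reqcert = demand

# certificate_verification is documented as an [sssd]-section option for
# certificate (smart card) authentication; it is not an LDAP TLS setting,
# so it is left out of the domain section here.
```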