On bionic, with sssd 1.16.1-1ubuntu1.6, tshark is telling me that the connection on port 389 is using "GSS-API integrity":

83 177.024452189 10.51.0.5 _ 10.51.0.15 LDAP 112 bindResponse(3) saslBindInProgress
84 177.024514712 10.51.0.15 _ 10.51.0.5 LDAP 112 bindRequest(4) "<ROOT>" sasl
85 177.024804697 10.51.0.5 _ 10.51.0.15 LDAP 80 bindResponse(4) success
86 177.024966894 10.51.0.15 _ 10.51.0.5 LDAP 204 SASL GSS-API Integrity:

Ok, I got a 2889 event when I did a simple bind on port 389, which is expected. At least it shows the logging seems fine. And once I configure TLS and use -ZZ on that simple bind, it works even on port 389.

So what are the scenarios where sssd would use unencrypted connections on port 389? I think for nss, but in the AD scenario, these are all using gss-api integrity, no? Is this for setups where the AD integration from sssd is using just ldap, and not kerberos?

--
https://bugs.launchpad.net/bugs/1868703

Title: Backport ad_use_ldaps because of ADV190023
