Hi,
did you try to set `ldap_library_debug_level = -1` (see 'man sssd-ldap')
and inspect /var/log/sssd/sssd_$domain.log?
It might give additional details.
On Wed, Feb 21, 2024 at 8:54 PM Johnnie W Adams <jxadams(a)ualr.edu> wrote:
We are connecting to an LDAP server. Thanks!
On Wed, Feb 21, 2024 at 1:53 PM Spike White <spikewhitetx(a)gmail.com>
wrote:
> Are you connecting an AD server or an LDAP server? If the former is
> ad_use_ldaps set to true or false?
>
> Spike
>
> On Wed, Feb 21, 2024 at 11:46 AM Johnnie W Adams <jxadams(a)ualr.edu>
> wrote:
>
>> Hi, folks,
>>
>>
>> So I've got a very puzzling situation. Just today, when I look at
>> sssd with systemctl status, I get this error: *Could not start TLS
>> encryption. error:1416F086:SSL
>> routines:tls_process_server_certificate:certificate verify failed (self
>> signed certificate in certificate chain)*
>>
>> However, when I run openssl s_client -showcerts -connect
>> ldap.example.com:636, it shows a completely valid, not-self-signed
>> certificate chain.
>>
>> This is happening on RHEL7 through 9. I'm puzzled. Anyone else have
>> ideas?
>>
>> Thanks,
>>
>> John A
>>
>> --
>> John Adams
>> Senior Linux/Middleware Administrator | Information Technology Services
>> +1-501-916-3010 | jxadams(a)ualr.edu |
http://ualr.edu/itservices
>> *UA Little Rock*
>>
>> Reminder: IT Services will never ask for your password over the phone
>> or in an email. Always be suspicious of requests for personal information
>> that come via email, even from known contacts. For more information or to
>> report suspicious email, visit IT Security
>> <
http://ualr.edu/itservices/security/>.
>> --
>> _______________________________________________
>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
>> Do not reply to spam, report it:
>>
https://pagure.io/fedora-infrastructure/new_issue
>>
> --
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> Do not reply to spam, report it:
>
https://pagure.io/fedora-infrastructure/new_issue
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams(a)ualr.edu |
http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<
http://ualr.edu/itservices/security/>.
--
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue