LDAP is working fine. I can query with no problems with ldapsearch;
sssd just won't accept the exact same certificate.
--
Jeff White
HPC Systems Engineer
Information Technology Services - WSU
On 10/02/2017 11:07 AM, Jakub Hrozek wrote:
On Mon, Oct 02, 2017 at 11:01:14AM -0700, Jeff White wrote:
> I'm attempting to enable LDAP server TLS certificate validation with
> "ldap_tls_reqcert = demand". However, when I set that value to anything
> other than "never", sssd does not work. By that I mean sssd will start as
> normal but no ID lookups are successful and I see "Input/output error" in
> the log. This occurs regardless of what CA certificate chain I give it (via
> ldap_tls_cacert). I have even tried using a known working chain that I use
> to access yum repos which uses TLS certificates from the same CA as our
> Active Directory.
>
> Any ideas?
I usually find it easiest to debug TLS issues with ldapsearch -ZZZ (just
make sure to set up the right environment variables to point to the same
certs as sssd is using)
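One way to follow the ldapsearch suggestion in this thread, as an added example that is not part of the original messages: read the TLS settings out of sssd.conf and build an ldapsearch command that uses the same CA file and strictness through the OpenLDAP client variables `LDAPTLS_CACERT` and `LDAPTLS_REQCERT`. The function names, host names and file paths are constructed for illustration, `ldap_uri` is the sssd option assumed to hold the server address, and StartTLS is requested with the documented `-ZZ` form.

```shell
#!/bin/sh
# Print the value of one "key = value" option from an sssd.conf-style file.
sssd_opt() {  # usage: sssd_opt FILE KEY
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# Build an ldapsearch command that validates the server certificate with
# the same CA file and reqcert level that sssd is configured to use.
build_ldapsearch_cmd() {  # usage: build_ldapsearch_cmd FILE
    conf=$1
    uri=$(sssd_opt "$conf" ldap_uri)
    uri=${uri%%,*}                      # sssd allows a list; test the first server
    cacert=$(sssd_opt "$conf" ldap_tls_cacert)
    reqcert=$(sssd_opt "$conf" ldap_tls_reqcert)
    [ -n "$uri" ]    || { echo "ldap_uri not set in $conf" >&2; return 1; }
    [ -n "$cacert" ] || { echo "ldap_tls_cacert not set in $conf" >&2; return 1; }
    # ldaps:// is TLS from the first byte, so StartTLS (-ZZ) must not be added.
    # For ldap:// this assumes sssd itself is using StartTLS.
    case $uri in
        ldaps://*) starttls= ;;
        *)         starttls=' -ZZ' ;;
    esac
    # -b "" -s base reads the root DSE; -d 1 prints the TLS handshake trace,
    # which is where a chain or hostname mismatch shows up.
    printf 'LDAPTLS_CACERT=%s LDAPTLS_REQCERT=%s ldapsearch -x%s -H %s -b "" -s base -d 1\n' \
        "$cacert" "${reqcert:-demand}" "$starttls" "$uri"
}

# Constructed sample configuration (not taken from the thread).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[domain/example.test]
id_provider = ldap
ldap_uri = ldap://dc1.example.test, ldap://dc2.example.test
ldap_tls_cacert = /etc/pki/tls/certs/ca-chain.pem
ldap_tls_reqcert = demand
EOF
build_ldapsearch_cmd "$demo_conf"
rm -f "$demo_conf"
```

If the printed command fails with `demand` but succeeds with `LDAPTLS_REQCERT=never`, the problem is in the CA file or the server name rather than in sssd.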