Thanks for your prompt reply. I have attached the sssd-default logfile.
The cacert dir has been rehashed using the cacertdir_rehash command.
I have tried the "ldap_tls_cacert" parameter as well - no luck.
I have also tried TLS and SSL ldap client configs - again - no luck.
I believe I have done the openssl and ldapsearch tests as per the sssd and ldap web docs to confirm that the certificates and TLS are working correctly.
John.
On 08/21/2013 11:01 AM, Stephen Gallagher wrote:
I have to ask the obvious question: does it work if you set 'ldap_tls_reqcert = allow'? This could suggest that your /etc/openldap/cacerts directory isn't properly set up. You may have forgotten to run 'cacertdir_rehash /etc/openldap/cacerts' or to put the CA cert in that directory at all.
I'd like to see more of the SSSD logs than just (Wed Aug 21 08:27:45 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
because that's not a useful piece of the log (it doesn't tell me what it tried to do before it failed). Including the preceding 50-100 lines would be better.
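
The two checks raised in this thread (whether `ldap_tls_reqcert` is still relaxed, and whether the CA directory actually holds rehashed entries) can be scripted. The following is an added example, not code from the thread or from the SSSD project; the sample configuration, the host `ldap.example.com` and the hash name `0a1b2c3d.0` are constructed for illustration.

```python
import configparser
import os
import re
import tempfile

# Values that do not require a valid server certificate (sssd-ldap default is "hard").
WEAK_REQCERT = {"never", "allow", "try"}
# OpenSSL looks up CAs in a directory by <8 hex digit subject hash>.<n> file names.
HASH_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def audit_sssd_tls(conf_text):
    """Return {domain section: [findings]} for the TLS options in sssd.conf text."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        findings = []
        reqcert = cp.get(section, "ldap_tls_reqcert", fallback="hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append(f"ldap_tls_reqcert = {reqcert}: diagnostic only, restore 'demand' or 'hard'")
        cacert = cp.get(section, "ldap_tls_cacert", fallback=None)
        if cacert and not os.path.isfile(cacert):
            findings.append(f"ldap_tls_cacert {cacert}: file not found")
        cadir = cp.get(section, "ldap_tls_cacertdir", fallback=None)
        if cadir and not os.path.isdir(cadir):
            findings.append(f"ldap_tls_cacertdir {cadir}: directory not found")
        elif cadir and not any(HASH_NAME.match(n) for n in os.listdir(cadir)):
            findings.append(f"ldap_tls_cacertdir {cadir}: no hashed entries, run cacertdir_rehash")
        report[section] = findings
    return report

def demo():
    """Constructed sample: a CA dir with an un-rehashed file, then the same dir with a hash name."""
    with tempfile.TemporaryDirectory() as cadir:
        open(os.path.join(cadir, "ca.pem"), "w").close()  # placeholder file, not a real cert
        conf = (
            "[sssd]\ndomains = default\n\n"
            "[domain/default]\n"
            "ldap_uri = ldap://ldap.example.com\n"
            "ldap_tls_reqcert = allow\n"
            f"ldap_tls_cacertdir = {cadir}\n"
        )
        before = audit_sssd_tls(conf)["domain/default"]
        # Stand-in for the link cacertdir_rehash would create (constructed hash value).
        open(os.path.join(cadir, "0a1b2c3d.0"), "w").close()
        after = audit_sssd_tls(conf)["domain/default"]
    return before, after
```

The name check only confirms that hashed entries exist; it does not verify that they match the CA that signed the LDAP server's certificate.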