On Tue, Nov 19, 2019 at 09:38:55AM +0200, Todor Petkov wrote:
I am trying to configure sssd authentication on Debian 10.2, sssd
1.16.3, against 389-ds with self-signed certificate.
In /etc/sssd/sssd.conf I have the line "ldap_tls_reqcert = never"
line, but when I start sssd manually on the command line, it says "
[sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed:
[Connect error] [Key usage violation in certificate has been
Can someone give me a hint how to teach sssd to ignore the certificate?
IIRC the reqcert option only allows you to suppress the CA chain
verification, so the cert doesn't then have to be signed by a trusted
CA. But it still has to have the key usage bits set to allow for TLS