Sumit Bose wrote:
On Sat, Nov 05, 2016 at 12:14:14AM +0100, Michael Ströder wrote:
> With sssd-ldap I always prefer to use LDAPS for encrypted LDAP connections
> especially because I can seamlessly mix it with LDAPI (for accessing local
> slapd replica).
> This works with 1.13.x but not with 1.14.2.
> Although the domain debug log shows
> Option ldap_id_use_start_tls is FALSE
> the syslog shows:
> sssd[be[AE-DIR]]: Could not start TLS encryption. unknown error
>
> Switching sssd.conf to use StartTLS everything works (CA cert ok etc.) but
> that's not what I want (because LDAPI precludes using StartTLS).
Which platform do you use,
I'm using openSUSE Tumbleweed where libldap 2.4.44 is linked against OpenSSL 1.0.2j.
Maybe yes, but I cannot tell for sure.
Ciao, Michael.