On (26/01/21 12:56), Todor Petkov wrote:
I am trying to configure SSSD on Ubuntu 20.04 against 389-DS server with
self-signed certificate. Upon starting sssd, I get this message in
Could not start TLS encryption. Key usage violation in certificate has been
I tried adding the following lines in the domain section of sssd.conf, but to
certificate_verification = no_verification
ldap_tls_reqcert = allow
Can someone advise, how can I turn certificate check off? SSSD version is
I would recommend to validate even self-signed certificate.
You needn't rely on system trust chain.
man sssd-ldap says:
Specifies the file that contains certificates for all of the
Certificate Authorities that sssd will recognize.
Default: use OpenLDAP defaults, typically in