Jeff White
2017-10-02 18:01:14 UTC
I'm attempting to enable LDAP server TLS certificate validation with
"ldap_tls_reqcert = demand". However, when I set that value to anything
other than "never", sssd does not work. By that I mean sssd will start
as normal but no ID lookups are successful and I see "Input/output
error" in the log. This occurs regardless of what CA certificate chain
I give it (via ldap_tls_cacert). I have even tried using a known
working chain that I use to access yum repos which uses TLS certificates
from the same CA as our Active Directory.
Any ideas?
libsss_sudo-1.14.0-43.el7_3.11.x86_64
libsss_autofs-1.14.0-43.el7_3.11.x86_64
sssd-proxy-1.14.0-43.el7_3.11.x86_64
sssd-ad-1.14.0-43.el7_3.11.x86_64
sssd-1.14.0-43.el7_3.11.x86_64
libsss_nss_idmap-1.14.0-43.el7_3.11.x86_64
sssd-krb5-common-1.14.0-43.el7_3.11.x86_64
sssd-ldap-1.14.0-43.el7_3.11.x86_64
libsss_idmap-1.14.0-43.el7_3.11.x86_64
python-sssdconfig-1.14.0-43.el7_3.11.noarch
sssd-client-1.14.0-43.el7_3.11.x86_64
sssd-common-pac-1.14.0-43.el7_3.11.x86_64
sssd-krb5-1.14.0-43.el7_3.11.x86_64
sssd-ipa-1.14.0-43.el7_3.11.x86_64
sssd-common-1.14.0-43.el7_3.11.x86_64
--
Jeff White
HPC Systems Engineer
Information Technology Services - WSU