Hi, I'm getting a weird behavior in LDAP with TLS.

Using:
openldap
Linux Red Hat
sssd
nslcd

When I issue a `ldapsearch -x ZZ`, it works flawlessly, but when I issue a `getent passwd`, I get back the system users in the /etc/passwd file but I don't see the LDAP users.

The openldap.log indicates the following when I issue the `getent passwd` command:

connection_read(14): TLS accept failure error=-1 id=1037

But it does not give any errors when doing the `ldapsearch -x ZZ`. So, if I have TLS not correctly configured, shouldn't it not work completely?

Here's my sssd.conf:

[domain/local]
debug_level = 9
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=wh,dc=local
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacert = /certs/cacert.pem

[sssd]
services = nss, pam
config_file_version = 2
domains = local

[nss]
[pam]
[sudo]
[autofs]
[ssh]

Here's my nslcd.conf:

uri ldap://127.0.0.1/
base dc=wh,dc=local
ssl start_tls
tls_cacertfile /certs/cacert.pem
tls_reqcert hard

Here's my /etc/openldap/ldap.conf:

TLS_CACERT /certs/cacert.pem
TLS_REQCERT hard
URI ldap://127.0.0.1/
BASE dc=wh,dc=local
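The post configures StartTLS in three places (sssd.conf, nslcd.conf and ldap.conf) and both sssd and nslcd are installed, so the first thing to establish is which of them actually answers `getent passwd` (the `passwd:` line of /etc/nsswitch.conf decides that) and whether that daemon's TLS settings agree with the ones that make `ldapsearch -x` succeed. The script below is an added example, not part of the original post or of the sssd/nslcd projects: it parses the three configuration formats, reports any TLS setting that differs between them, reads the NSS source list, and pulls connection ids out of slapd log lines that carry the "TLS accept failure" message. The config, nsswitch and log text embedded in it are constructed from the values quoted in the post; the second log id (1039) and the ACCEPT line are made up for illustration. The sssd default of `ldap_tls_reqcert = hard` and the libldap default of `TLS_REQCERT demand` are the documented defaults and are applied only when a file does not set the key.

```python
"""Offline consistency check of StartTLS settings across sssd.conf, nslcd.conf
and ldap.conf, plus a scan of slapd log lines for TLS accept failures.
Added example; all inputs below are constructed from the post's values."""
import configparser
import re

SSSD_CONF = """[domain/local]
debug_level = 9
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=wh,dc=local
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1/
ldap_tls_cacert = /certs/cacert.pem

[sssd]
services = nss, pam
config_file_version = 2
domains = local
"""

NSLCD_CONF = """uri ldap://127.0.0.1/
base dc=wh,dc=local
ssl start_tls
tls_cacertfile /certs/cacert.pem
tls_reqcert hard
"""

LDAP_CONF = """TLS_CACERT /certs/cacert.pem
TLS_REQCERT hard
URI ldap://127.0.0.1/
BASE dc=wh,dc=local
"""

# Constructed nsswitch.conf fragment: getent passwd goes to files, then sssd.
NSSWITCH = "passwd: files sss\ngroup: files sss\n"

# Constructed slapd log excerpt; id=1037 is from the post, the rest is invented.
SLAPD_LOG = """conn=1036 fd=14 ACCEPT from IP=127.0.0.1:51234 (IP=0.0.0.0:389)
connection_read(14): TLS accept failure error=-1 id=1037
connection_read(15): TLS accept failure error=-1 id=1039
"""


def parse_sssd(text):
    """Return the LDAP/TLS settings of the first [domain/...] section."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    for name in cp.sections():
        if name.startswith("domain/"):
            d = cp[name]
            return {
                "uri": d.get("ldap_uri"),
                "cacert": d.get("ldap_tls_cacert"),
                "starttls": d.get("ldap_id_use_start_tls", "false").lower() == "true",
                "reqcert": d.get("ldap_tls_reqcert", "hard"),  # sssd default: hard
            }
    return {}


def parse_kv(text):
    """nslcd.conf / ldap.conf style: one 'KEY value' per line, '#' comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        out[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return out


def parse_nslcd(text):
    kv = parse_kv(text)
    return {"uri": kv.get("uri"), "cacert": kv.get("tls_cacertfile"),
            "starttls": kv.get("ssl", "off").lower() == "start_tls",
            "reqcert": kv.get("tls_reqcert")}  # left None if the file omits it


def parse_ldap_conf(text):
    kv = parse_kv(text)
    return {"uri": kv.get("uri"), "cacert": kv.get("tls_cacert"),
            "starttls": None,  # ldap.conf has no StartTLS switch; -ZZ is per command
            "reqcert": kv.get("tls_reqcert", "demand")}  # libldap default: demand


def compare(configs):
    """configs: {label: settings}. Return one finding per key whose values differ."""
    findings = []
    for key in ("uri", "cacert", "reqcert", "starttls"):
        values = {n: s.get(key) for n, s in configs.items() if s.get(key) is not None}
        if len(set(values.values())) > 1:
            findings.append(f"{key} differs: {values}")
    return findings


def nss_passwd_sources(text):
    """Which NSS sources serve 'getent passwd' (tells you if sss or nslcd is used)."""
    for line in text.splitlines():
        if line.startswith("passwd:"):
            return line.split(":", 1)[1].split()
    return []


TLS_FAIL = re.compile(r"TLS accept failure error=(-?\d+) id=(\d+)")


def tls_accept_failures(log_text):
    """Return (connection id, error code) for every TLS accept failure line."""
    return [(int(m.group(2)), int(m.group(1))) for m in TLS_FAIL.finditer(log_text)]


if __name__ == "__main__":
    cfgs = {"sssd": parse_sssd(SSSD_CONF), "nslcd": parse_nslcd(NSLCD_CONF),
            "ldap.conf": parse_ldap_conf(LDAP_CONF)}
    print("getent passwd sources:", nss_passwd_sources(NSSWITCH))
    print("mismatches:", compare(cfgs) or "none")
    print("TLS accept failures (id, error):", tls_accept_failures(SLAPD_LOG))
```

With the post's values the three files agree, so the script reports no mismatch; that narrows the problem to something the files do not show, such as the CA file's readability for the unprivileged sssd/nslcd user or the hostname in the server certificate, and the NSS source list tells you which daemon's debug log to read next.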