[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation



Will these spit out useful error messages?  If I just get "TLS Negotiation 
failure" it is not going to be helpful.

At Thu, 28 Sep 2017 12:29:19 -0700 Quanah Gibson-Mount <quanah@symas.com> wrote:

> 
> --On Thursday, September 28, 2017 3:34 PM -0400 Robert Heller 
> <heller@deepsoft.com> wrote:
> 
> 
> > Slapd is reporting TLS Negotiation failure when SSSD tries to connect to
> > it.   For both port 389 (ldap:///) and 636 (ldaps:///).  So I guess
> > something is  wrong with slapd's TLS configuration -- it is failing to do
> > TLS Negotiation,  either it is just not doing it or it is doing it wrong
> > (somehow).  Unless SSSD  is not configured properly.
> 
> You need to start with the following:
> 
> >> ldapwhoami -x -ZZ -H ldap://myhost:389 -D binddn -w
> 
> to test startTLS
> 
> and
> 
> ldapwhoami -x -H ldaps://myhost:636 -D binddn -w
> 
> to test without startTLS
> 
> If you can get those to work, then you can move on to SSSD.
> 
> --Quanah
> 
> --
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
> 
>                                                                             

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller@deepsoft.com       -- Webhosting Services