[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

To: Openldap Technical <openldap-technical@openldap.org>
Subject: Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 29 Sep 2017 22:22:13 +0200
In-reply-to: <9A30A12BCCD5F53936A07409@[192.168.1.30]>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
References: <20170928170817.DE268732A40@sharky3.deepsoft.com> <20170928183434.C52377323F2@sharky3.deepsoft.com> <WM!d02d61414b21d1174b6888ab449c4269fa38d934004f76ade936b18cd00ea29eb903d4c22a82e75a76373bb72667b68d!@mailstronghold-3.zmailcloud.com> <5A6DACC51CF6F5156270C77F@192.168.1.30> <20170928194148.9B6D973231B@sharky3.deepsoft.com> <WM!998283649fcae77a95b6b69f15c9fdc63edbf085a57860d7ed2bc236107d109afc67b09918790895e2d93d8e26a16af4!@mailstronghold-2.zmailcloud.com> <C2C09B0F4B5C887D285C17BB@192.168.1.30> <WM!8a5b012eff4d73b4fb61ed7c37f2d4f394f7656c7ff73cf2aff9d57d89f7ff62caf9782a501949babf0541aabf43bf7b!@mailstronghold-1.zmailcloud.com> <a70b6004cb634858a74e11ba19d68b0f@DM5PR06MB3097.namprd06.prod.outlook.com> <CAAKHBK=9bJt8wwV6Rg3=LF8MndVyCEufO0wy2QR8UNAVbUbMDw@mail.gmail.com> <WM!918b99f6d1434d477757937e2447f74ba6af27b9f33738bdde7ac448ac01950caaec156adc38885b6e4ae1fc3c4b5f8b!@mailstronghold-1.zmailcloud.com> <9A30A12BCCD5F53936A07409@[192.168.1.30]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 SeaMonkey/2.48

Quanah Gibson-Mount wrote:
> --On Thursday, September 28, 2017 5:37 PM -0400 Douglas Duckworth
> <dod2014@med.cornell.edu> wrote:
>> What would you recommend as a replacement for SSSD?  I am running it
>> across Centos 6 and 7 clients without any issue using TLS.
> 
> There is nss-pam-ldapd/nslcd.

YMMV - each implementation has its pros and cons:

nslcd supports hosts etc. maps but not sudoers.

sssd supports caching sudoers "map".

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Robert Heller <heller@deepsoft.com>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Douglas Duckworth <dod2014@med.cornell.edu>
- Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
Next by Date: Re: Openldap periodic cpu spikes in one of the servers in two node MMR
Index(es):
- Chronological
- Thread