Hi.

I am using rhel 6.3, with sssd-1.8.0 and openldap-servers-2.4.23-26, the kernel is 2.6.32-279.2.1.el6.x86_64.
The problem I'm having is I get this error message in messages file.

"sssd[be[default]]: Could not start TLS encryption. TLS error -5938:Encountered end of file"
 
I started sssd with debugging set to 9. Errors I saw in sssd_default.log is:

[dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1
[get_port_status] (0x1000): Port status of port 389 for server 'ibm-01.flamengro.co.za' is 'not working'

When I add new users I cannot log in with the new names, a ldapseach shows them but getent passwd nothing.
Not all the users show up on my other machines either.

Any help will be appreciated.


My slapd.conf file looks like this.

include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=flamengro,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=flamengro,dc=com"

rootpw  secret

directory       /var/lib/ldap/flamengro

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

database monitoraccess to *
        by dn.exact="cn=Manager,dc=flamengro,dc=com" read
        by * none
access to attrs=userPassword,shadowLastChange
        by anonymous auth
        by self write
        by * none

My sssd.conf file looks like this

[sssd]
config_file_version = 2

reconnection_retries = 3

sbus_timeout = 30
services = nss, pam

domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_id_use_start_tls = True
debug_level = 9
ldap_search_base = dc=flamengro,dc=com
# krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://ibm-01.flamengro.co.za
# krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True
ldap_sasl_canonicalize = true
# krb5_server = kerberos.example.com