--On Friday, September 29, 2017 5:03 PM -0400 Robert Heller heller@deepsoft.com wrote:

> At Fri, 29 Sep 2017 10:29:11 -0700 Quanah Gibson-Mount quanah@symas.com wrote:
>
>> --On Friday, September 29, 2017 2:17 PM -0400 Robert Heller heller@deepsoft.com wrote:
>>
>>> Signature Algorithm: sha1WithRSAEncryption
>>
>> The above is probably your problem. I believe MozNSS will no longer accept SHA1 certs. This was in the link I sent you yesterday. Generate a more secure cert (i.e., SHA256 or higher).
>
> I replaced the certs with SHA256 versions and it is still not working:

You need logs from SSSD detailing why it is failing to negotiate. As you noted before, ldapsearch/ldapwhoami etc work for you. If that is still the case now with your new certs, you will need to pursue support with RedHat, as this clearly is not an OpenLDAP issue. Sorry I can't be of any more help than that.

Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
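
As an added example that is not part of the original thread: a shell check for the `Signature Algorithm: sha1WithRSAEncryption` condition discussed above, reading `openssl x509 -noout -text` output and flagging certificates signed with SHA-1 or MD5. The function names `check_sigalgs` and `sample_dump` are hypothetical, and the sample dump is constructed and abbreviated.

```shell
#!/bin/sh
# Added example: flag certificates whose signature uses SHA-1 or MD5.
# Input (stdin): text from `openssl x509 -noout -text`, one or more certs.
# Output: one "WEAK|ok <algorithm> <subject>" line per certificate.
# Exit status: 1 if any certificate has a weak signature hash, else 0.
check_sigalgs() {
    awk '
        /^Certificate:/ { subject = ""; seen_subject = 0 }
        /^ *Subject:/ {
            subject = $0
            sub(/^ *Subject: */, "", subject)
            seen_subject = 1
        }
        # "Signature Algorithm" is printed twice per certificate; judge
        # only the outer one, which follows the Subject line.
        /^ *Signature Algorithm:/ && seen_subject {
            alg = $NF
            verdict = (tolower(alg) ~ /sha1|md5/) ? "WEAK" : "ok"
            if (verdict == "WEAK") weak = 1
            printf "%s %s %s\n", verdict, alg, subject
            seen_subject = 0
        }
        END { exit weak + 0 }
    '
}

# Constructed sample: abbreviated text dump of two certificates.
sample_dump() {
    cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Example CA
        Subject: CN=old.example.com
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example CA
        Subject: CN=new.example.com
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

# With a PEM file argument, check that certificate; otherwise run the sample.
if [ "$#" -gt 0 ]; then
    openssl x509 -in "$1" -noout -text | check_sigalgs
else
    sample_dump | check_sigalgs || true
fi
```

Run it against the server certificate and each CA certificate the client is configured to trust, since `openssl x509` reads only the first certificate in a file.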