Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

Friday, 29 September 2017

--On Friday, September 29, 2017 5:03 PM -0400 Robert Heller 
<heller(a)deepsoft.com&gt; wrote:

...
 At Fri, 29 Sep 2017 10:29:11 -0700 Quanah Gibson-Mount
<quanah(a)symas.com&gt;
 wrote:

>
> --On Friday, September 29, 2017 2:17 PM -0400 Robert Heller
> <heller(a)deepsoft.com&gt; wrote:
>
> >     Signature Algorithm: sha1WithRSAEncryption
>
> The above is probably your problem.  I believe MozNSS will no longer
> accept  SHA1 certs.  This was in the link I sent you yesterday.
> Generate a more  secure cert (I.e., SHA256 or higher).

 I replaced the certs with SHA256 versions and it is still not working: 
You need logs from SSSD detailing why it is failing to negotiate.  As you 
noted before, ldapsearch/ldapwhoami etc work for you.  If that is still the 
case now with your new certs, you will need to pursue support with RedHat, 
as this clearly is not an OpenLDAP issue.  Sorry I can't be of any more 
help than that.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007