thanks for your help and the time you invest.
But my configuration is a bit different from the creator of this ticket.
We have only the same error message ;(
Sorry if that didn't come across clearly in the past.
I can't and didn't want to connect to this domain, we only use sssd with ldap as provider
I sent you my sssd.conf last week, but here is the relevant part
I tried different settings with ldap_tls_cacertdir or ldap_tls_cacert (only the domain root crt, or the ca-certificates.crt), but it ends with the same error; the same happens with different ldap_tls_reqcert settings.
I have attached a screenshot of the working ldapsearch
( ldapsearch -x -b "dc=xx,dc=xx,dc=xx" -H ldaps://xx.xx.xx:636 -D user@domain -W "objectclass=*" -d1 )
Hello Sergio, Hello Matthew
thanks for your help and the time you invest.
But my configuration is a bit different from the creator of this ticket.
We have only the same error message ;(
Sorry if that didn't come across clearly in the past.
I can't and didn't want to connect to this domain, we only use sssd with ldap as provider
I sent you my sssd.conf last week, but here is the relevant part
[sssd]
config_file_version = 2
domains = xxx
services = nss,pam,ssh
reconnection_retries = 3
#debug_level = 5
[pam]
[nss]
filter_users = bin,daemon,ftp,games,haldaemon,lp,mail,messagebus,nobody,ntp,polkituser,postfix,root,sshd,wwwrun,at,dergraf,abix,amboscl,sysnrpe,dnsmasq,hpsmh,ambosrtu,vmon,man,news,uucp
filter_groups = root,bin,daemon,sys,tty,disk,lp,www,kmem,wheel,mail,news,uuscp,shadow,dialout,audio,floppy,cdrom,console,utmp,public,video,games,xok,trusted,modem,ftp,man,users,nobody,nogroup,messagebus,haldaemon,sshd,tape,postfix,maildrop,polkituser,ntp,at,dergraf,abix,amboscl,sysnrpe,hpsmh,ambosrtu,vmon,winbind,ntadmin
[domain/xxx]
#debug_level = 7
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = simple
ldap_uri = ldaps://xx.xx.de:636,
ldap_search_base = dc=xx,dc=xx,dc=xx
ldap_schema = ad
ldap_id_mapping = True
fallback_homedir = /home/%u@%d
default_shell = /bin/bash
ldap_idmap_range_min = 100000000
ldap_idmap_range_max = 2100000000
ldap_idmap_range_size = 2000000000
ldap_idmap_default_domain_sid = S-1-5-21-32142354-212345234-839522115
ldap_idmap_default_domain = xx.xx.de
enumerate = False
ignore_group_members = True
ldap_idmap_autorid_compat = True
ldap_default_bind_dn = xxx
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = xxx
use_fully_qualified_names = False
case_sensitive = false
ldap_tls_cacertdir = /etc/ssl/certs
#ldap_tls_cacert = /etc/ssl/certs/Domain-Root.crt
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
ldap_tls_cipher_suite = ECDHE-RSA-AES256-GCM-SHA384
simple_allow_groups = xxx
sudo_provider = ldap
autofs_provider = ldap
resolver_provider = ldap
I tried different settings with ldap_tls_cacertdir or ldap_tls_cacert (only the domain root crt, or the ca-certificates.crt), but it ends with the same error; the same happens with different ldap_tls_reqcert settings.
I have attached a screenshot of the working ldapsearch
( ldapsearch -x -b "dc=xx,dc=xx,dc=xx" -H ldaps://xx.xx.xx:636 -D user@domain -W "objectclass=*" -d1 )