[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-29 Thread Arnau Bria
Hi Lukas, thanks for the explanation. After some more testing I found that sssd version 1.16 works with SSL even if the version of openldap is not compiled with SSL support. SSSD suddenly requires ldap_tls_cacert to find the CA, even when you use SSL (ldaps in the uri). Does it make any sense?

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-27 Thread Lukas Slebodnik
On (27/03/20 16:12), Arnau Bria wrote: > Hi all, > > something I've found is that the openldap behaviour I've described really depends on the openldap version. With versions older than 2.4.44-15 (in SL) > openldap only knows about Mozilla DB whereas in newer version it falls back > to OpenSSL and openld

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-27 Thread Arnau Bria
Hi all, something I've found is that the openldap behaviour I've described really depends on the openldap version. With versions older than 2.4.44-15 (in SL) openldap only knows about Mozilla DB whereas in newer version it falls back to OpenSSL and openldap then reads the certificates from the PKI s

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-26 Thread John Beranek
On Thu, 26 Mar 2020 at 13:00, Arnau Bria wrote: > > Hi John, > > first of all thanks for your answer. > > I'm not an AD/LDAP/SSSD expert, sorry in advance for my ignorance. I'm certainly no expert, I was just pointing you in the direction of a recent thread on this topic. > this is what I unders

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-26 Thread Arnau Bria
Hi John, first of all thanks for your answer. I'm not an AD/LDAP/SSSD expert, sorry in advance for my ignorance. this is what I understand: > those changes might require to use LDAP with TLS either with START_TLS on the LDAP port or using LDAPS. I understand that we have to enforce TLS or L

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

2020-03-26 Thread John Beranek
On Thu, 26 Mar 2020 at 11:47, Arnau Bria wrote: > Dear all, > > we're preparing our sssd service to be fully compliant with the patch that > Microsoft will release soon and that will make AD reject any communication > that is not encrypted. ( *ADV190023 >