Hi Lukas,

Thanks for taking a look at this! I updated this to remove specific mention
of the flag used to disable TLS. That's a very good point and honestly I'm
not even sure how I came across that in the first place! Thank you for the
clarification on ldaps vs start_tls too. Looking forward to adding more
scenarios and captures to this!

-Tom

On Fri, Jul 28, 2017 at 6:39 AM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:

> On (27/07/17 15:30), Tom Peterson wrote:
> >Hi All,
> >
> >First off thank you for all the hard work put into SSSD! It's been a great
> >piece of software to work with and seems like it has a configuration
> >setting for just about anything that can be thrown at it!
> >
> >We use SSSD at work and I've helped troubleshoot a few instances of
> >authenticating against an external LDAP server. I set up a little lab to
> >collect captures of some different config settings. My initial set is
> >around different TLS scenarios:
> >
> >https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
> >
> It looks very good.
>
> >All of the raw capture files can be downloaded after opening them by going
> >to 'Export -> Download File'.
> >
> >I'll be adding to this and have a few more scenarios in mind I want to
> >explore. If anyone has any feedback or suggestions on things they would
> >like to see please let me know! Hoping someone finds this little
> >contribution of captures useful.
> >
>
> I would prefer if ldap_auth_disable_tls_never_use_in_production
> was not advertised. This option is intentionally hidden in all sssd
> documentation.
>
> BTW It is not required to use ldaps(636) because sssd uses start_tls
> before each authentication even with ldap(389).
>
> And after enabling option ldap_id_use_start_tls it would be used even
> with id_provider and not just with auth_provider.
>
> >And once again, thank you for all the work put into SSSD!
> >
> Thank you :-)
>
> LS
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
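
The point in the quoted reply about ldap(389), ldaps(636) and ldap_id_use_start_tls, as an added example that is not part of the original thread or of SSSD's own code: a small audit that reports, per domain, how identity lookups are protected. The sample config, its domain names and host names are constructed, and the function name and result labels are hypothetical.

```python
import configparser

# Constructed sample sssd.conf; domain names and hosts are made up.
SAMPLE_CONF = """
[sssd]
domains = plain, starttls, ldaps

[domain/plain]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc1.example.test

[domain/starttls]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc1.example.test
ldap_id_use_start_tls = true

[domain/ldaps]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://dc1.example.test
"""

def id_lookup_protection(conf_text):
    """Map each [domain/NAME] section to how its identity lookups are protected."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    result = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom, name = cp[section], section[len("domain/"):]
        if dom.get("id_provider", "").strip().lower() != "ldap":
            result[name] = "not-ldap"  # other providers are out of scope here
            continue
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")
                if u.strip()]
        # Assumption: an unset ldap_id_use_start_tls is treated as false.
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if uris and all(u.startswith("ldaps://") for u in uris):
            result[name] = "ldaps"       # TLS from connection start on 636
        elif start_tls:
            result[name] = "start_tls"   # id lookups upgraded on 389
        else:
            result[name] = "cleartext"   # only authentication gets start_tls
    return result
```

A domain reported as "cleartext" still has its authentication protected by start_tls, as the reply explains; only the id_provider traffic is unencrypted.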