In this case you can remove or comment out TLS_CACERT and TLS_CACERTDIR entries We set it to never to bypass any problems that are related to TLS certificate features. TLS_REQCERT parameter that indicates how strict the client needs are to enforce TLS security.
If you have configured a DNS or updated your /etc/hosts file then you may use hostname instead of IPĪlternatively here you can choose to add TLS_REQCERT never Here I have provided by BaseCDN and ldap_uri which is the IP of my ldap-server. You may modify the values based on your environment. Ldap_tls_cacertdir = /etc/openldap/cacerts Configure LDAP client to authenticate with LDAP server using SSSDĬreate a new /etc/sssd/nf file (if not present) or remove everything and add the below content to use TLS of ldap communication: ~]# cat /etc/sssd/nf If you are planning to use SSL, then I will share the sample sssd configuration for SSL as well.Ĭreate /etc/openldap/cacerts on the ldap-client (you may choose to use any other directory) ~]# mkdir /etc/openldap/cacertsĬopy the ca.cert.pem from ldap-server to ldap-client ~]# scp /etc/openldap/cacerts/ca.cert.pem ldap-client:/etc/openldap/cacerts/ca.cert.pemģ. We will use TLS configuration to connect to the LDAP server which we had configured in previous article.
0 kommentar(er)
