- Posted In
- Red Hat Enterprise Linux
I have been working on an issue with LDAP in our environment and wanted to pose a couple of questions about getting LDAP working properly on RHEL7 hosts.
We currently have a functional LDAP environment for some Unix/Solaris hosts that has been working for a while. However, at this point we do not have it running over SSL. All of the traffic is internal - and I realize this is not optimal.
However, when attempting to implement LDAP on Linux 7, I have been running into numerous issues. We had a scripted install, somewhat based off of the configuration of the other Unix/Solaris hosts.
At this point - I have one main question: will unsecured LDAP even work with RHEL7 at all?
One of the main reasons I ask this (aside from the issues we are having) is this article I found:
The resolution for this specific issue is: "In RHEL7 /etc/pam_ldap.conf has been deprecated. Instead of /etc/pam_ldap.conf use SSSD."
But this doesn't specifically say that 'SSSD' is required for LDAP to function, although it does lead me to suspect that it is. Even when I add "ldap_tls_reqcert = never" to the SSSD.CONF file, the logs still complain about TLS.
From the journal:
sssd[be[default]]: Could not start TLS encryption. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
sssd[be[default]]: Backend is offline
And in sssd_nss.log:
[sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
I am attempting to troubleshoot this on an Oracle Enterprise Linux 7 server, although the problem is pretty much identical on our RedHat 7 hosts. I suspect the fix will be the same for both of them.
At this point - my primary question is if LDAP will work without TLS/SSL on RHEL7.
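An added example, not part of the original post: a small Python check over the `sssd.conf` settings discussed above, reporting for each LDAP-backed domain whether identity lookups travel in cleartext, whether authentication depends on StartTLS succeeding (the sssd-ldap documentation states that authentication needs TLS/SSL or LDAPS), and whether `ldap_tls_reqcert` leaves the server certificate unenforced, which is a separate matter from whether TLS is negotiated at all. The sample file, the host name `ldap.example.com` and the finding codes are constructed for illustration; a missing `ldap_id_use_start_tls` is assumed to mean false.

```python
import configparser

# Constructed sample sssd.conf (not the poster's actual file).
SAMPLE = """\
[sssd]
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = never
"""

def audit(conf_text):
    """Return {domain name: [finding codes]} for LDAP-backed SSSD domains."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        d = cp[section]
        id_prov = d.get("id_provider", "").strip().lower()
        # auth_provider falls back to id_provider when it is not set.
        auth_prov = d.get("auth_provider", id_prov).strip().lower()
        if "ldap" not in (id_prov, auth_prov):
            continue
        uris = [u.strip().lower() for u in d.get("ldap_uri", "").split(",") if u.strip()]
        all_ldaps = bool(uris) and all(u.startswith("ldaps://") for u in uris)
        # Assumption: an absent ldap_id_use_start_tls is treated as false.
        starttls = d.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        reqcert = d.get("ldap_tls_reqcert", "hard").strip().lower()
        findings = []
        if not all_ldaps and not starttls:
            findings.append("id-lookups-cleartext")        # ldap:// without StartTLS
        if auth_prov == "ldap" and not all_ldaps:
            findings.append("auth-requires-working-starttls")  # server must offer StartTLS
        if reqcert in ("never", "allow"):
            findings.append("server-cert-not-enforced")    # TLS is still negotiated
        report[section[len("domain/"):]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "no findings")
```
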