RHEL 6.3 can not authenticate via OpenLDAP server using sssd encryption. How do we fix this?

Solution Verified - Updated -

Issue

When a Linux server tries to authenticate via an OpenLDAP server using sssd, it fails. Direct authentication without encryption works but SSH authentication doesn't work and the following error is logged:

Dec  6 16:06:27 server1 sssd[be[LDAP]]: Could not start TLS encryption. TLS error -8157:Certificate extension not found.

Using ldapsearch command makes the server freezes:

[root@server1 ~]# time ldapsearch -LLL -vvv -x -H ldaps://localhost -D uid=user1,cn=p,cn=users,dc=mmmm -W -b cn=users,dc=mmmm uid=user1
ldap_initialize( ldaps://localhost:636/??base )
Enter LDAP Password:

The command used to enable sssd was:

# authconfig --update --enablesssd --enablesssdauth

There is some evidences that points to the lack of encryption. SSSD does not support authentication over an unencrypted channel.

After following the solution How to configure openldap server with SSL/TLS on Red Hat Enterprise Linux 6?, and using ldapsearch, the issue persists. How can this be corrected?

Environment

  • Red Hat Enterprise Linux 6.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In