FreeIPA unable to connect via ldaps


Post by rsherry » 2020/10/05 19:24:07

I have a FreeIPA server, version 4.6.6, and my clients on CentOS 7 are running sssd-ipa-1.16.4-37.el7_8.4.x86_64.

My clients are connecting via LDAP and TLS authentication.

I want to be able to authenticate and talk via the secure LDAP port 636, since port 389 has been shut down on the firewall. I have changed the client's sssd.conf to connect to ldap_uri = https://
I also tried http://<host> :636

The OpenLDAP conf is also configured correctly, pointing to the https LDAP URL.
nmap from the client to the server shows the port available. Telnet also connects.

After restarting the sssd service, I still see that it is trying to connect to http:// and that LDAP servers are not available.
I thought something with the cache would be the issue, so I cleared out the sssd cache and got the same problem: unable to connect to the server.

What could I be missing? Appreciate any suggestions and/or solutions.


Re: FreeIPA unable to connect via ldaps

Post by TrevorH » 2020/10/06 06:58:32

It uses STARTTLS over port 389, not SSL over 636.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
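
An added example, not part of either post: a check of the `ldap_uri` values in an sssd.conf that flags schemes that are not LDAP URIs (such as the `https://` and `http://` values tried in the question) and reports which transport each valid URI implies. The domain name, host names and the use of the generic LDAP provider options `ldap_uri` and `ldap_id_use_start_tls` in the sample are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample config (hypothetical domain and hosts).
SAMPLE_CONF = """
[domain/example.test]
id_provider = ldap
ldap_uri = https://ipa.example.test, http://ipa.example.test:636, ldap://ipa.example.test
ldap_id_use_start_tls = false
"""

# Valid LDAP URI schemes and their default TCP ports (ldapi is a local socket).
LDAP_SCHEMES = {"ldap": 389, "ldaps": 636, "ldapi": None}


def check_ldap_uris(conf_text):
    """Return (section, uri, finding) for every ldap_uri entry in the config."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not cp.has_option(section, "ldap_uri"):
            continue
        flag = cp.get(section, "ldap_id_use_start_tls", fallback="false")
        starttls = flag.strip().lower() == "true"
        # ldap_uri is a comma-separated list of servers in order of preference.
        for uri in (u.strip() for u in cp.get(section, "ldap_uri").split(",")):
            if not uri:
                continue
            parts = urlsplit(uri)
            scheme = parts.scheme.lower()
            if scheme not in LDAP_SCHEMES:
                finding = "invalid scheme '%s': use ldap://, ldaps:// or ldapi://" % scheme
            elif scheme == "ldapi":
                finding = "local socket, no network transport"
            else:
                port = parts.port or LDAP_SCHEMES[scheme]
                if scheme == "ldaps":
                    finding = "TLS from connect on port %d" % port
                elif starttls:
                    finding = "StartTLS upgrade on port %d" % port
                else:
                    finding = "port %d without StartTLS for identity lookups" % port
            findings.append((section, uri, finding))
    return findings


if __name__ == "__main__":
    for section, uri, finding in check_ldap_uris(SAMPLE_CONF):
        print("[%s] %s -> %s" % (section, uri, finding))
```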
