[Pkg-sssd-devel] Bug#840617: Bug#840617: sssd-ldap STARTTLS issue; plain ldapsearch -ZZ works

[Timo Aaltonen]

On 15.10.2016 04:55, Roberto C. Sánchez wrote:
> On Thu, Oct 13, 2016 at 11:51:52AM +0200, Francesco Malvezzi wrote:
>> Package: sssd-ldap
>> Version: 1.14.1-1
>> Severity: important
>>
>> Dear Maintainer,
>>
>> pam-sss doesn't allow login to LDAP users:
>>
> 
> I too am affected by this.  I just installed stretch on a new laptop (I
> need the newer kernel for hardware support) and when I configured sssd
> it simply didn't work.  All my other machines (running jessie) work
> fine.  I don't use LDAP for authentication (Kerberos handles that for
> me), but I do use it for user information.  So, getent and id would not
> work.  The problem (on the LDAP side) manifested itself by terminating
> the connection with this message: "An unexpected TLS packet was
> received".
> 
> I obtained the 1.13.4-3 packages of the various sssd components and
> after I installed them everything worked.
> 
> If there is something I can do to help identify the problem, please let
> me know.

this is filed upstream https://fedorahosted.org/sssd/ticket/3189

"
The pristine log actually looks like if sssd was crashing..could you
please check for sssd_be crashes in the syslog?

The failure in the "revert" log doesn't tell me much except that sssd is
thinking it cannot contact the LDAP server. Here I would like to ask for
strace logs, as described in
​https://fedorahosted.org/sssd/wiki/DevelTips#UsingstracetotracktheSSSDprocesses
"

So could you provide such logs? Here or on the upstream ticket.


-- 
t