[Pkg-sssd-devel] Bug#1021990: /usr/sbin/sssd: Bullseye error message "Could not start TLS encryption. (unknown error code)" when libldap-common is not installed

Alexander Merkle support-alexander.merkle at lauterbach.com
Tue Oct 18 13:14:28 BST 2022 

Package: sssd-common
Version: 2.4.1-2
Severity: normal
File: /usr/sbin/sssd
X-Debbugs-Cc: support-alexander.merkle at lauterbach.com

Dear Maintainer,

I noticed after a fresh installation of bullseye (using debootstrap) the package 'libldap-common' is not installed.
Thus sssd / libldap.so  does not find the certificate storage which is defined in /etc/ldap/ldap.conf.

Thus without libldap-common installed sssd reports
  Could not start TLS encryption. (unknown error code)
. I found the following ticket in the sssd issue tracking 
  https://github.com/SSSD/sssd/issues/5444
which sounds like the same problem.

Workarounds:
1) install libdap-common manually
2) configure ldap_tls_cacert = <yourfile>.pem manually in sssd.conf

May be libldap-common should be added to the dependency list of sssd in bullseye.
By the way the problem does not exist when I debootstrap a debian stretch/buster/bookworm.

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-18-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sssd-common depends on:
ii  adduser            3.118
ii  libc-ares2         1.17.1-1+deb11u1
ii  libc6              2.31-13+deb11u4
ii  libdbus-1-3        1.12.24-0+deb11u1
ii  libdhash1          0.6.1-2
ii  libglib2.0-0       2.66.8-1
ii  libgssapi-krb5-2   1.18.3-6+deb11u2
ii  libini-config5     0.6.1-2
ii  libkeyutils1       1.6.1-2
ii  libkrb5-3          1.18.3-6+deb11u2
ii  libldap-2.4-2      2.4.57+dfsg-3+deb11u1
ii  libldb2            2:2.2.3-2~deb11u2
ii  libnfsidmap2       0.25-6
ii  libnl-3-200        3.4.0-1+b1
ii  libnl-route-3-200  3.4.0-1+b1
ii  libp11-kit0        0.23.22-1
ii  libpam0g           1.4.0-9+deb11u1
ii  libpcre3           2:8.39-13
ii  libpopt0           1.18-2
ii  libref-array1      0.6.1-2
ii  libselinux1        3.1-3
ii  libsemanage1       3.1-1+b2
ii  libssl1.1          1.1.1n-0+deb11u3
ii  libsss-certmap0    2.4.1-2
ii  libsss-idmap0      2.4.1-2
ii  libsss-nss-idmap0  2.4.1-2
ii  libsystemd0        247.3-7+deb11u1
ii  libtalloc2         2.3.1-2+b1
ii  libtdb1            1.4.3-1+b1
ii  libtevent0         0.10.2-1
ii  python3            3.9.2-3
ii  python3-sss        2.4.1-2

Versions of packages sssd-common recommends:
ii  bind9-host  1:9.16.33-1~deb11u1
ii  libnss-sss  2.4.1-2
ii  libpam-sss  2.4.1-2

Versions of packages sssd-common suggests:
ii  apparmor     2.13.6-10
pn  libsss-sudo  <none>
ii  sssd-tools   2.4.1-2

-- no debconf information

More information about the Pkg-sssd-devel mailing list