Comment 19 for bug 1921494

Hello Matthew Hi Sergio,
i have now tested Fedora 34 and it is working without delete ldap_tls_cipher_suite setting
the only thing i change in the sssd.conf is

ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

i have tested a fresh installed focal and yes the cipher suite parameter is the problem (when disabled it´s work)

i attach the fedora log, and here i see the first time this: "is a secure channel. No need to run START_TLS" maybe this helps

sssd.x86_64 2.5.2-2.fc34 @updates
sssd-ad.x86_64 2.5.2-2.fc34 @updates
sssd-client.x86_64 2.5.2-2.fc34 @updates
sssd-common.x86_64 2.5.2-2.fc34 @updates
sssd-common-pac.x86_64 2.5.2-2.fc34 @updates
sssd-ipa.x86_64 2.5.2-2.fc34 @updates
sssd-kcm.x86_64 2.5.2-2.fc34 @updates
sssd-krb5.x86_64 2.5.2-2.fc34 @updates
sssd-krb5-common.x86_64 2.5.2-2.fc34 @updates
sssd-ldap.x86_64 2.5.2-2.fc34 @updates
sssd-nfs-idmap.x86_64 2.5.2-2.fc34 @updates
sssd-proxy.x86_64 2.5.2-2.fc34 @updates