Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 715609

Summary: Certificate validation fails with message "Connection error: TLS: hostname does not match CN in peer certificate"
Product: Red Hat Enterprise Linux 6 Reporter: Kaushik Banerjee <kbanerje>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.2CC: benl, dpal, grajaiya, jgalipea, jhrozek, jn, prc, sbose
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.5.1-42.el6 Doc Type: Bug Fix
Doc Text:
Do not document
 Story Points: ---
Clone Of:
: 748849 (view as bug list) Environment:
Last Closed: 2011-12-06 16:38:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 748849    

Description Kaushik Banerjee 2011-06-23 13:45:25 UTC 
Description of problem:
Certificate validation fails with message "Connection error: TLS: hostname does not match CN in peer certificate".

Version-Release number of selected component (if applicable):
sssd-1.5.1-40.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd with the config file as follows:
# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LDAP
debug_level = 9

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9

[pam]
reconnection_retries = 3
debug_level = 9

[domain/LDAP]
debug_level = 9
id_provider = ldap
ldap_uri = ldaps://cobra.lab.eng.pnq.redhat.com
ldap_search_base = dc=example,dc=com
auth_provider = ldap
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc


2 . Try to auth as a user on the ldap server.
# ssh -l kaushik2 localhost
kaushik2@localhost's password: 
Permission denied, please try again.
kaushik2@localhost's password: 

  
Actual results:
Auth fails.

/var/log/sssd/sssd_LDAP.log shows:
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 9AB5678
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kaushik2]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (9): beginning to connect
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'cobra.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_server_status] (4): Hostname resolution expired, reseting the server status of 'cobra.lab.eng.pnq.redhat.com'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'cobra.lab.eng.pnq.redhat.com' as 'name not resolved'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_port_status] (7): Port status of port 636 for server 'cobra.lab.eng.pnq.redhat.com' is 'neutral'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'cobra.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_send] (4): Trying to resolve A record of 'cobra.lab.eng.pnq.redhat.com'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [schedule_timeout_watcher] (9): Scheduling DNS timeout watcher
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'cobra.lab.eng.pnq.redhat.com' as 'resolving name'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [unschedule_timeout_watcher] (9): Unscheduling DNS timeout watcher
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'cobra.lab.eng.pnq.redhat.com' as 'name resolved'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [be_resolve_server_done] (4): Found address for server cobra.lab.eng.pnq.redhat.com: [10.65.201.57]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://10.65.201.57:636'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_rootdse_send] (9): Getting rootdse
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(objectclass=*)][].
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [*]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [altServer]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [namingContexts]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedControl]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedExtension]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedFeatures]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedLDAPVersion]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedSASLMechanisms]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [defaultNamingContext]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [lastUSN]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [highestCommittedUSN]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldaps://10.65.201.57:636] with fd [25].
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (3): ldap_search_ext failed: Can't contact LDAP server
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (3): Connection error: TLS: hostname does not match CN in peer certificate
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [fo_set_port_status] (4): Marking port 636 of server 'cobra.lab.eng.pnq.redhat.com' as 'not working'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace: sh[0x9ab9030], connected[1], ops[(nil)], ldap[0x9ab9068], destructor_lock[0], release_memory[0]
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9): Successfully removed connection callback.
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'cobra.lab.eng.pnq.redhat.com' is 'name resolved'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [get_port_status] (7): Port status of port 636 for server 'cobra.lab.eng.pnq.redhat.com' is 'not working'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [fo_resolve_service_send] (1): No available servers for service 'LDAP'
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (1): Failed to connect, going offline (5 [Input/output error])
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [be_mark_offline] (8): Going offline!
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [be_run_offline_cb] (3): Going offline. Running callbacks.
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (9): notify offline to op #1
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [acctinfo_callback] (4): Request processed. Returned 1,11,Offline
(Thu Jun 23 10:56:54 2011) [sssd[be[LDAP]]] [sdap_id_release_conn_data] (9): releasing unused connection
(Thu Jun 23 10:56:56 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 9AAD710
(Thu Jun 23 10:56:56 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Jun 23 10:56:56 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 9AB5678
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kaushik2]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 9AB5678
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kaushik2]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 9AB5678
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kaushik2]
(Thu Jun 23 10:56:58 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline

Expected results:
Auth should succeed.

Additional info:
Comment 3 Sumit Bose 2011-06-24 10:03:49 UTC 
Corresponding upstream ticket https://fedorahosted.org/sssd/ticket/905 .
Comment 5 Kaushik Banerjee 2011-09-22 06:27:30 UTC 
Certificate validation and auth succeeds now.

# ssh -l kau20 localhost
kau20@localhost's password: 
Last login: Thu Sep 22 11:48:40 2011 from localhost
Could not chdir to home directory /home/kau20: No such file or directory
-sh-4.1$ logout
Connection to localhost closed.

/var/log/sssd/sssd_LDAP.log shows:
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 1EB7B00
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kau20]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (9): beginning to connect
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'lion.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_port_status] (7): Port status of port 636 for server 'lion.lab.eng.pnq.redhat.com' is 'neutral'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'lion.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_is_address] (9): [lion.lab.eng.pnq.redhat.com] does not look like an IP address
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (4): Trying to resolve A record of 'lion.lab.eng.pnq.redhat.com' in files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'resolving name'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (4): Trying to resolve AAAA record of 'lion.lab.eng.pnq.redhat.com' in files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_next] (5): No more address families to retry
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying DNS
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [schedule_timeout_watcher] (9): Scheduling DNS timeout watcher
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_query] (4): Trying to resolve A record of 'lion.lab.eng.pnq.redhat.com' in DNS
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [unschedule_timeout_watcher] (9): Unscheduling DNS timeout watcher
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_parse] (7): Parsing an A reply
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'name resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [be_resolve_server_done] (4): Found address for server lion.lab.eng.pnq.redhat.com: [10.65.201.54] TTL 300
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://lion.lab.eng.pnq.redhat.com'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sss_ldap_init_send] (9): Using file descriptor [26] for LDAP connection.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldaps://lion.lab.eng.pnq.redhat.com:636/??base] with fd [26].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_rootdse_send] (9): Getting rootdse
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(objectclass=*)][].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [*]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [altServer]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [namingContexts]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedControl]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedExtension]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedFeatures]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedLDAPVersion]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedSASLMechanisms]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [defaultNamingContext]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [lastUSN]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [highestCommittedUSN]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (8): ldap_search_ext called, msgid = 1
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search result: Success(0), (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_rootdse_done] (9): Got rootdse
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (5): No known USN scheme is supported by this server!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (5): Will use modification timestamp as usn!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_send] (4): Executing simple bind as: (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4e500], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4e500], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [fo_set_port_status] (4): Marking port 636 of server 'lion.lab.eng.pnq.redhat.com' as 'working'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'working'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (9): notify connected to op #1
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(&(uid=kau20)(objectclass=posixAccount))][dc=example,dc=com].
Comment 6 Kaushik Banerjee 2011-09-22 06:28:16 UTC 
Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 52.el6                        Build Date: Tue 20 Sep 2011 09:11:03 PM IST
Install Date: Wed 21 Sep 2011 03:07:04 PM IST      Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-52.el6.src.rpm
Size        : 3550647                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 7 Jakub Hrozek 2011-10-27 16:03:15 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Do not document
Comment 8 errata-xmlrpc 2011-12-06 16:38:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html