
sssd (2.0.0, CentOS 8) with old tls 1.0 only ldap


I can't connect sssd (2.0.0, CentOS 8) to an old TLS 1.0-only LDAP server (Mac OS X 10.6 Server).

This works, so it should be possible:

openssl s_client -connect snow.cologne.intradesys.com:ldaps -tls1

In /etc/openldap/ldap.conf I have the option to set TLS_PROTOCOL_MIN 3.1 (= TLS 1.0).

But looking at man sssd-ldap, I see a lot of ldap_tls_... parameters, but none to downgrade to TLS 1.0.

So in /var/log/sssd/sssd_default.log I get:

[sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: [Connect error] [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]


Solution

  • Just found another and more appropriate solution with the same effect.

    update-crypto-policies --set LEGACY
    systemctl restart sssd
    

    Job done.
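A small verification script, added here and not part of the original question or answer, for confirming what the policy change actually did: it classifies the sssd error quoted above, probes the LDAP server with the client pinned to TLS 1.0 and TLS 1.2 (the `openssl s_client` check from the question), and prints the active crypto policy. It assumes a CentOS/RHEL 8 host with `update-crypto-policies`, `openssl` and sssd logs under `/var/log/sssd/`; the hostname is whatever you pass in.

```shell
#!/bin/sh
# Added diagnostic helper; not from the original thread.
# Assumes CentOS/RHEL 8 (update-crypto-policies), openssl s_client, and sssd
# logs in the format quoted in the question. Host is supplied by the caller.

# Classify one sssd log line. "unsupported protocol" means OpenSSL refused the
# handshake because the system-wide crypto policy forbids the version the
# server offers; sssd itself has no ldap_tls_* option to lower that floor.
classify_sssd_line() {
    case "$1" in
        *ldap_install_tls*"unsupported protocol"*) echo "policy-blocks-tls-version" ;;
        *ldap_install_tls*)                        echo "other-tls-failure" ;;
        *)                                         echo "unrelated" ;;
    esac
}

# Pull the negotiated protocol (e.g. "TLSv1") out of openssl s_client output on stdin.
s_client_protocol() {
    sed -n 's/^[[:space:]]*Protocol[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Live probe with the client pinned to one version (tls1, tls1_1, tls1_2).
# Empty output means the handshake failed under the current policy.
probe_version() {
    host=$1; version=$2; port=${3:-636}
    openssl s_client -connect "$host:$port" "-$version" </dev/null 2>/dev/null | s_client_protocol
}

# Report the policy and both probes. Note that LEGACY re-enables TLS 1.0 for
# every consumer of the policy on the box (OpenSSL, GnuTLS, NSS, ...), not
# only for sssd's LDAP connection, so record the "after" state somewhere.
# usage: check_tls1_path snow.cologne.intradesys.com
check_tls1_path() {
    host=$1
    echo "crypto policy: $(update-crypto-policies --show 2>/dev/null || echo unknown)"
    for v in tls1 tls1_2; do
        proto=$(probe_version "$host" "$v")
        echo "$host with -$v: ${proto:-handshake failed}"
    done
    grep -h 'ldap_install_tls' /var/log/sssd/sssd_*.log 2>/dev/null | while read -r line; do
        echo "sssd: $(classify_sssd_line "$line")"
    done
}
```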