Cannot start sssd service on ALMA Linux 9

I have a brand new ALMA Linux server:

Linux version 5.14.0-362.13.1.el9_3.x86_64 (mockbuild@x64-builder01.almalinux.org) (gcc (GCC) 11.4.1 20230605 (Red Hat 11.4.1-2), GNU ld version 2.35.2-42.el9) #1 SMP PREEMPT_DYNAMIC Thu Dec 21 07:12:43 EST 2023

I’m trying to start the sssd service on this new server. My 389 Directory Server is running on CentOS 6. When I try to start sssd, I get the errors below in /var/log/sssd/sssd_XYZLDAP.log:

 *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_process_result] (0x2000): Trace: sh[0x557f23c4bc60], connected[1], ops[0x557f23c4ab20], ldap[0x557f23c58b90]
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_connect_done] (0x0080): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL.
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [Start TLS request accepted.Server willing to negotiate SSL.]
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_op_destructor] (0x2000): Operation 1 finished
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_handle_release] (0x2000): Trace: sh[0x557f23c4bc60], connected[1], ops[(nil)], ldap[0x557f23c58b90], destructor_lock[0], release_memory[0]
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1665
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [fo_set_port_status] (0x0100): Marking port 389 of server 'd.example.com' as 'not working'
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'd.example.com' as 'not working'

Here is my sssd.conf:

[domain/XYZLDAP]
auth_provider = ldap
cache_credentials = true
description = example.com LDAP domain
dns_resolver_timeout = 5
entry_cache_timeout = 60
enumerate = true
id_provider = ldap
ldap_id_use_start_tls = true
ldap_netgroup_search_base = ou=netgroup,dc=example,dc=com
ldap_search_base = dc=example,dc=com
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
ldap_tls_reqcert = allow
ldap_uri = ldap://d.example.com
lookup_family_order = ipv4_only

[domain/LDAP]
cache_credentials = true
id_provider = ldap

[pam]
debug_level = 5
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
reconnection_retries = 3

[sssd]
config_file_version = 2
debug_level = 5
domains = LOCAL,XYZLDAP
reconnection_retries = 3
sbus_timeout = 30
services = pam,ssh

Do I need to upgrade my 389 Directory Server to a Linux 9 distribution? For example, ALMA Linux 9?

EL9 probably has a different set of cryptographic algorithms than EL6. See "Chapter 3. Using system-wide cryptographic policies", Red Hat Enterprise Linux 9 (Red Hat Customer Portal).
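The log pattern in the question (StartTLS accepted, then `ldap_install_tls failed`) can be picked out mechanically, which helps separate a TLS-layer mismatch from a plain connectivity problem. This is an added example, not part of the original posts; the function names `sample_log` and `classify_starttls` and the verdict strings are this example's own, and the sample lines are copied from the log quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify the StartTLS failure pattern
# seen in an SSSD backend log such as /var/log/sssd/sssd_XYZLDAP.log.

# Sample input: three lines copied from the log quoted in the question.
sample_log() {
cat <<'EOF'
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_connect_done] (0x0080): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL.
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [sdap_connect_done] (0x0080): ldap_install_tls failed: [Connect error] [Start TLS request accepted.Server willing to negotiate SSL.]
   *  (2024-01-05 15:30:19): [be[XYZLDAP]] [fo_set_port_status] (0x0100): Marking port 389 of server 'd.example.com' as 'not working'
EOF
}

# Reads log lines on stdin and prints exactly one verdict:
#   tls-handshake-failed HOST:PORT  StartTLS was accepted, TLS setup then failed
#   tls-install-failed              TLS setup failed, no StartTLS success logged
#   no-starttls-failure             neither pattern present
classify_starttls() {
  awk '
    BEGIN { host = "unknown"; port = "?" }
    /START TLS result: Success\(0\)/ { accepted = 1 }
    /ldap_install_tls failed/        { failed = 1 }
    /Marking port [0-9]+ of server/ {
      # Port is the field after the word "port"; host is the first quoted string.
      for (i = 1; i < NF; i++) if ($i == "port") port = $(i + 1)
      split($0, q, "\047"); host = q[2]
    }
    END {
      if (accepted && failed) printf "tls-handshake-failed %s:%s\n", host, port
      else if (failed)        print "tls-install-failed"
      else                    print "no-starttls-failure"
    }'
}

# Stand-alone run: classify the embedded sample.
sample_log | classify_starttls
```

To check a live log, run `classify_starttls < /var/log/sssd/sssd_XYZLDAP.log`. On a `tls-handshake-failed` verdict, `update-crypto-policies --show` on the EL9 client and `openssl s_client -connect d.example.com:389 -starttls ldap` show the active policy and what the server is able to negotiate.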

I read through the documentation provided. I’ll start building a new Alma Linux 9 directory server with current cryptographic algorithms. Thank you!