<div dir="ltr"><div>Already set nsslapd-security off on server 1 <> server 2</div><div><br></div><div>But it still produces an error on replication. Is it possible to ignore any cert / StartTLS?</div><div><br></div><div>/var/log/dirsrv/slapd-PKI-IPA</div><div>[28/Apr/2016:16:51:15 +0800] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)</div><div><br></div><div>[26/Apr/2016:18:35:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-28 16:15 GMT+08:00 Martin Basti <span dir="ltr"><<a href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<br>
<br>
<div>On 28.04.2016 08:00, Barry wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>It did NOT work, I tried... the command cannot bind on 389 or 636, but
telnet works.</div>
<div><br>
</div>
<div>ldapmodify -h ms -p 636 -D cn="Directory Manager" -w << EOF<br>
dn: cn=config<br>
changetype: modify<br>
replace: nsslapd-security<br>
nsslapd-security: off<br>
EOF</div>
<div><br>
</div>
<div>ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)</div>
<div><br>
</div>
</div>
</blockquote></span>
Can you please try to put the FQDN of the LDAP server in option -h?<br>
I have doubts that -h 'ms' is the server name<span class="HOEnZb"><font color="#888888"><br>
<br>
Martin</font></span><div><div class="h5"><br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-04-27 19:29 GMT+08:00 <span dir="ltr"><<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<p dir="ltr">Thx, let me try, as I don't want to stop dirsrv but
to disable nsslapd security live.</p>
<div>
<div>
<div class="gmail_quote">On 27 April 2016 at 7:26 PM, "David
Kupka" <<a href="mailto:dkupka@redhat.com" target="_blank">dkupka@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">On
27/04/16 13:15, <a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
Do you mean use ldapmodify?<br>
I tried updating the dse.ldif but it will fall back
after a while.<br>
<br>
On 27 April 2016 at 7:10 PM, "David Kupka" <<a href="mailto:dkupka@redhat.com" target="_blank"><a href="mailto:dkupka@redhat.com" target="_blank">dkupka@redhat.com</a><br>
<mailto:<a href="mailto:dkupka@redhat.com" target="_blank">dkupka@redhat.com</a>>>
wrote:<br>
<br>
On 27/04/16 12:48, <a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>
<mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>
wrote:<br>
<br>
Hi:<br>
<br>
Is it possible to do that without restarting
dirsrv?<br>
<br>
<br>
thx Regards<br>
<br>
barry<br>
<br>
<br>
<br>
<br>
Hello Barry,<br>
<br>
this ldapsearch should list all attributes
that need a restart after<br>
modification:<br>
<br>
$ ldapsearch -D "cn=Directory Manager" -w
Secret123 -b cn=config<br>
nsslapd-requiresrestart<br>
<br>
I don't see nsslapd-security listed so it
should be possible to change it at<br>
runtime.<br>
<br>
--<br>
David Kupka<br>
<br>
</a></blockquote>
<br>
Yes, I mean ldapmodify.<br>
<br>
Editing dse.ldif while dirsrv is running has no
effect because it is read only at start and written
at least before exit.<br>
<br>
If you REALLY need to edit dse.ldif be sure to stop
dirsrv then edit it and start dirsrv again.<br>
<br>
-- <br>
David Kupka<br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>