<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 22/12/2016 14:08, Alexander Bokovoy
wrote:<br>
</div>
<blockquote cite="mid:20161222140800.shgp3du6wi25k6de@redhat.com"
type="cite">
<blockquote type="cite" style="color: #000000;">dn: cn=config
<br>
changetype: modify
<br>
replace: nsslapd-allowed-sasl-mechanisms
<br>
-
<br>
# accepted, but doesn't change the value of the attribute
<br>
<br>
So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI
EXTERNAL". But that means this server is in a different config
state to its replica peers, which I wonder might bite me one
day.
<br>
</blockquote>
You can shut the server down (ipactl stop), change the value in
the
<br>
config (/etc/dirsrv/slapd-INSTANCE/dse.ldif) and start the server
again
<br>
(ipactl start).
</blockquote>
<p>Thank you. I looked in this file and the setting wasn't there!
But a bit more investigation showed that the following update
*does* update the config in dse.ldif:<br>
</p>
<br>
dn: cn=config<br>
changetype: modify<br>
replace: nsslapd-allowed-sasl-mechanisms<br>
-<br>
<br>
<br>
However the doesn't become visible until you restart the server.
Until then, doing an ldapsearch on cn=config returns the previous
value of this attribute.<br>
<br>
Anyway, all is good now.<br>
<br>
Thanks again,<br>
<br>
Brian.<br>
</body>
</html>