[Freeipa-users] can live turn off nsslapd-security: to off ?
Martin Basti
mbasti at redhat.com
Thu Apr 28 08:15:37 UTC 2016
On 28.04.2016 08:00, Barry wrote:
> NOT work tried ..cannot bind the command 389 or 636 ,,,but telnet work
>
> EOFnsslapd-security: offreplace: nsslapd-securitychangetype: modifydn:
> cn=configldapmodify -h ms -p 636 -D cn="Directory Manager" -w << EOF
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
can you please try to put FQDN name of LDAP server to option -h ?
I have doubts that -h 'ms' is server name
Martin
>
> 2016-04-27 19:29 GMT+08:00 <barrykfl at gmail.com
> <mailto:barrykfl at gmail.com>>:
>
> thx let me try as i dont want stop dirsrv but live disable nsslapd
> security.
>
> 2016年4月27日 下午7:26 於 "David Kupka" <dkupka at redhat.com
> <mailto:dkupka at redhat.com>> 寫道:
>
> On 27/04/16 13:15, barrykfl at gmail.com
> <mailto:barrykfl at gmail.com> wrote:
>
> Do u meant use ldapmodify?
> I tried update the dse.ldif but it will fall back after a
> while.
>
> 2016年4月27日 下午7:10 於 "David Kupka" <dkupka at redhat.com
> <mailto:dkupka at redhat.com>
> <mailto:dkupka at redhat.com <mailto:dkupka at redhat.com>>> 寫道:
>
> On 27/04/16 12:48, barrykfl at gmail.com
> <mailto:barrykfl at gmail.com> <mailto:barrykfl at gmail.com
> <mailto:barrykfl at gmail.com>> wrote:
>
> Hi:
>
> Without restarting dirsrv possible do that ?
>
>
> thx Regards
>
> barry
>
>
>
>
> Hello Barry,
>
> this ldapsearch should list all attributes that needs
> restart after
> modification:
>
> $ ldapsearch -D "cn=Directory Manager" -w Secret123 -b
> cn=config
> nsslapd-requiresrestart
>
> I don't see nsslapd-security listed so it should be
> possible to change it in
> runtime.
>
> --
> David Kupka
>
>
> Yes, I mean ldapmodify.
>
> Editing dse.ldif while dirsrv is running has no effect because
> it is read only at start and written at least before exit.
>
> If you REALLY need to edit dse.ldif be sure to stop dirsrv
> then edit it and start dirsrv again.
>
> --
> David Kupka
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160428/64f89840/attachment.htm>
More information about the Freeipa-users
mailing list