[Freeipa-users] can live turn off nsslapd-security: to off ?

Martin Basti mbasti at redhat.com
Thu Apr 28 08:15:37 UTC 2016 


On 28.04.2016 08:00, Barry wrote:
> NOT work tried ..cannot bind the command 389 or 636 ,,,but telnet work
>
> EOFnsslapd-security: offreplace: nsslapd-securitychangetype: modifydn: 
> cn=configldapmodify -h ms -p 636 -D cn="Directory Manager" -w  << EOF
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
can you please try to put FQDN name of LDAP server to option -h ?
I have doubts that -h 'ms' is server name

Martin

>
> 2016-04-27 19:29 GMT+08:00 <barrykfl at gmail.com 
> <mailto:barrykfl at gmail.com>>:
>
>     thx let me try as i dont want stop dirsrv but live disable nsslapd
>     security.
>
>     2016年4月27日 下午7:26 於 "David Kupka" <dkupka at redhat.com
>     <mailto:dkupka at redhat.com>> 寫道:
>
>         On 27/04/16 13:15, barrykfl at gmail.com
>         <mailto:barrykfl at gmail.com> wrote:
>
>             Do u meant use ldapmodify?
>             I tried update the dse.ldif but it will fall back after a
>             while.
>
>             2016年4月27日 下午7:10 於 "David Kupka" <dkupka at redhat.com
>             <mailto:dkupka at redhat.com>
>             <mailto:dkupka at redhat.com <mailto:dkupka at redhat.com>>> 寫道:
>
>                 On 27/04/16 12:48, barrykfl at gmail.com
>             <mailto:barrykfl at gmail.com> <mailto:barrykfl at gmail.com
>             <mailto:barrykfl at gmail.com>> wrote:
>
>                     Hi:
>
>                     Without restarting dirsrv possible do that ?
>
>
>                     thx Regards
>
>                     barry
>
>
>
>
>                 Hello Barry,
>
>                 this ldapsearch should list all attributes that needs
>             restart after
>                 modification:
>
>                 $ ldapsearch -D "cn=Directory Manager" -w Secret123 -b
>             cn=config
>                 nsslapd-requiresrestart
>
>                 I don't see nsslapd-security listed so it should be
>             possible to change it in
>                 runtime.
>
>                 --
>                 David Kupka
>
>
>         Yes, I mean ldapmodify.
>
>         Editing dse.ldif while dirsrv is running has no effect because
>         it is read only at start and written at least before exit.
>
>         If you REALLY need to edit dse.ldif be sure to stop dirsrv
>         then edit it and start dirsrv again.
>
>         -- 
>         David Kupka
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160428/64f89840/attachment.htm>

More information about the Freeipa-users mailing list