[Freeipa-users] can live turn off nsslapd-security: to off ?

Barry kliu at alumni.warwick.ac.uk
Thu Apr 28 09:03:12 UTC 2016


Already set nsslapd-security off on server 1 <> server 2.

But it still produces an error on replication. Is it possible to ignore any cert /
startTLS?

/var/log/dirsrv/slapd-PKI-IPA
[28/Apr/2016:16:51:15 +0800] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport
endpoint is not connected)

[26/Apr/2016:18:35:31 +0800] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1
(Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not
connected)

2016-04-28 16:15 GMT+08:00 Martin Basti <mbasti at redhat.com>:

>
>
> On 28.04.2016 08:00, Barry wrote:
>
> It does NOT work. I tried; the command cannot bind on 389 or 636, but telnet works.
>
> ldapmodify -h ms -p 636 -D cn="Directory Manager" -w  << EOF
> dn: cn=config
> changetype: modify
> replace: nsslapd-security
> nsslapd-security: off
> EOF
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> Can you please try putting the FQDN of the LDAP server in option -h?
> I have doubts that -h 'ms' is the server name.
>
> Martin
>
>
>
> 2016-04-27 19:29 GMT+08:00 <barrykfl at gmail.com>:
>
>> Thx, let me try, as I don't want to stop dirsrv but to disable nsslapd-security
>> live.
>> On 27 April 2016 at 7:26 PM, "David Kupka" <dkupka at redhat.com> wrote:
>>
>>> On 27/04/16 13:15, barrykfl at gmail.com wrote:
>>>
>>>> Do you mean use ldapmodify?
>>>> I tried updating dse.ldif but it falls back after a while.
>>>>
>>>> On 27 April 2016 at 7:10 PM, "David Kupka" <dkupka at redhat.com
>>>> <mailto:dkupka at redhat.com>> wrote:
>>>>
>>>>     On 27/04/16 12:48, barrykfl at gmail.com <mailto:barrykfl at gmail.com>
>>>> wrote:
>>>>
>>>>         Hi:
>>>>
>>>>         Is it possible to do that without restarting dirsrv?
>>>>
>>>>
>>>>         thx Regards
>>>>
>>>>         barry
>>>>
>>>>
>>>>
>>>>
>>>>     Hello Barry,
>>>>
>>>>     this ldapsearch should list all attributes that need a restart after
>>>>     modification:
>>>>
>>>>     $ ldapsearch -D "cn=Directory Manager" -w Secret123 -b cn=config
>>>>     nsslapd-requiresrestart
>>>>
>>>>     I don't see nsslapd-security listed so it should be possible to
>>>> change it in
>>>>     runtime.
>>>>
>>>>     --
>>>>     David Kupka
>>>>
>>>>
>>> Yes, I mean ldapmodify.
>>>
>>> Editing dse.ldif while dirsrv is running has no effect because it is
>>> read only at start and written at least before exit.
>>>
>>> If you REALLY need to edit dse.ldif be sure to stop dirsrv then edit it
>>> and start dirsrv again.
>>>
>>> --
>>> David Kupka
>>>
>>
>
>
>
>
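
The check David Kupka describes in the quoted reply, as an added example that is not part of the original thread: a shell helper that parses the `nsslapd-requiresrestart` values from that ldapsearch output and reports whether a given attribute is listed. The LDIF sample is constructed, the `<entry DN>:<attribute>` value layout is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of "ldapsearch -b cn=config nsslapd-requiresrestart" output
# (illustrative values, not captured from a real server). Two values are folded
# across lines the way LDIF wraps long lines (continuation starts with a space).
SAMPLE_LDIF='dn: cn=config
nsslapd-requiresrestart: cn=config:nsslapd-port
nsslapd-requiresrestart: cn=config:nsslapd-secure
 port
nsslapd-requiresrestart: cn=config,cn=ldbm database,cn=plugins,cn=config:nssla
 pd-dbcachesize
'

# list_restart_attrs: read LDIF on stdin and print, lower-cased, the attribute
# name from each nsslapd-requiresrestart value (assumed "<entry DN>:<attribute>").
list_restart_attrs() {
    awk '
        function emit(line,    v) {
            # LDIF attribute types are case-insensitive
            if (tolower(line) !~ /^nsslapd-requiresrestart: /) return
            v = line
            sub(/^[^:]*: */, "", v)   # drop the attribute type and separator
            sub(/^.*:/, "", v)        # keep what follows the last colon
            print tolower(v)
        }
        # Unfold: a line starting with one space continues the previous line.
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") emit(buf); buf = $0 }
        END  { if (buf != "") emit(buf) }'
}

# needs_restart ATTR: exit 0 if ATTR is listed in the LDIF on stdin, 1 if not.
needs_restart() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    for attr in $(list_restart_attrs); do
        if [ "$attr" = "$want" ]; then
            return 0
        fi
    done
    return 1
}
```

Against a live server, pipe the output of the ldapsearch quoted above into `needs_restart nsslapd-security`; exit status 1 means the attribute is not in the list.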