[Freeipa-users] NTLM SASL?
Alexander Bokovoy
abokovoy at redhat.com
Thu Dec 22 14:08:00 UTC 2016
On to, 22 joulu 2016, Brian Candler wrote:
>On 22/12/2016 11:42, Brian Candler wrote:
>>Now, under cn=config, I see:
>>
>> nsslapd-allowed-sasl-mechanisms:
>>
>>(i.e. empty).
>>
>>I tried changing this to "NTLM" and it accepted the change.
>
>Aside: I'm also stuck changing it back to what it was :-(
>
>None of these works:
>
>dn: cn=config
>changetype: modify
>replace: nsslapd-allowed-sasl-mechanisms
>nsslapd-allowed-sasl-mechanisms:
>-
># Server is unwilling to perform (53)
>
>dn: cn=config
>changetype: modify
>delete: nsslapd-allowed-sasl-mechanisms
>-
># Server is unwilling to perform (53)
># additional info: Deleting attributes is not allowed
>
>dn: cn=config
>changetype: modify
>replace: nsslapd-allowed-sasl-mechanisms
>-
># accepted, but doesn't change the value of the attribute
>
>So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI
>EXTERNAL". But that means this server is in a different config state
>to its replica peers, which I wonder might bite me one day.
You can shut the server down (ipactl stop), change the value in the
config (/etc/dirsrv/slapd-INSTANCE/dse.ldif) and start the server again
(ipactl start).
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list