[Freeipa-users] NTLM SASL?
Brian Candler
b.candler at pobox.com
Thu Dec 22 14:48:39 UTC 2016
On 22/12/2016 14:08, Alexander Bokovoy wrote:
>> dn: cn=config
>> changetype: modify
>> replace: nsslapd-allowed-sasl-mechanisms
>> -
>> # accepted, but doesn't change the value of the attribute
>>
>> So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI
>> EXTERNAL". But that means this server is in a different config state
>> to its replica peers, which I wonder might bite me one day.
> You can shut the server down (ipactl stop), change the value in the
> config (/etc/dirsrv/slapd-INSTANCE/dse.ldif) and start the server again
> (ipactl start).
Thank you. I looked in this file and the setting wasn't there! But a
bit more investigation showed that the following update *does* update
the config in dse.ldif:
dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
-
However the doesn't become visible until you restart the server. Until
then, doing an ldapsearch on cn=config returns the previous value of
this attribute.
Anyway, all is good now.
Thanks again,
Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161222/a439085c/attachment.htm>
More information about the Freeipa-users
mailing list