[Freeipa-users] Getting Minimum SSF not met.
Guillermo Fuentes
guillermo.fuentes at modernizingmedicine.com
Thu Oct 20 15:43:37 UTC 2016
Hi Deepak,
What you did was disabling unsecure connections to the directory service.
As such, use LDAPS to connect and enable unsecure connections again:
ldapmodify -D "cn=directory manager" -W -H ldaps://`hostname`
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 0
If the directory service is stopped, you can edit the attribute
in /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif and start the service.
Hope it helps,
Guillermo
GUILLERMO FUENTES
SENIOR SYSTEMS ADMINISTRATOR
T: 561-880-2998 x1337
E: guillermo.fuentes at modmed.com
[image: [ Modernizing Medicine ]] <http://www.modmed.com/>
[image: [ Facebook ]] <http://www.facebook.com/modernizingmedicine> [image:
[ LinkedIn ]] <http://www.linkedin.com/company/modernizing-medicine/> [image:
[ YouTube ]] <http://www.youtube.com/user/modernizingmedicine> [image: [
Twitter ]] <https://twitter.com/modmed_EMA> [image: [ Blog ]]
<http://www.modmed.com/BlogBeyondEMR> [image: [ Instagram ]]
<http://instagram.com/modernizing_medicine>
[image: [ MOMENTUM 2016 ]] <https://www.eventproducers.events/momentum2016>
On Thu, Oct 20, 2016 at 8:03 AM, Deepak Dimri <deepak_dimri at hotmail.com>
wrote:
> Hi All,
>
>
> I wanted to enable secure LDAP connection on freeIPA but alas after
> changing cn=config
>
> nsslapd-minssf from 0 to 128 i am getting below error:
>
>
> ipactl restart
>
> Failed to read data from Directory Service: Unknown error when retrieving
> list of services from LDAP: Server is unwilling to perform: Minimum SSF not
> met.
>
> Shutting down
>
>
> When trying to put back the original nsslapd-minssf to "0" i am getting below
> error:
>
> modifying entry "cn=config"
>
> ldap_modify: Server is unwilling to perform (53)
>
> additional info: Minimum SSF not met.
>
>
> I tried below configuration but still getting unwilling to perform (53)
> Minimum SSF not met Error.
>
>
> dn: cn=config
>
> changetype: modify
>
> replace: nsslapd-minssf
>
> nsslapd-minssf: 10
>
> -
>
> replace: nsslapd-allow-anonymous-access
>
> nsslapd-allow-anonymous-access: on
>
> -
>
> replace: nsslapd-minssf-exclude-rootdse
>
> nsslapd-minssf-exclude-rootdse: off
>
>
> I am following the steps mentioned here: https://access.redhat.co
> m/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Admi
> nistration_Guide/SecureConnections.html
> Chapter 14. Configuring Secure Connections - Red Hat Support
> <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SecureConnections.html>
> access.redhat.com
> By default, clients and users connect to the Red Hat Directory Server over
> a standard connection. Standard connections do not use any encryption, so
> information is ...
>
>
> How can i get LDAPS working on my FreeIPA?
>
>
> Many Thanks,
>
> Deepak
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161020/3a637a76/attachment.htm>
More information about the Freeipa-users
mailing list