<div dir="ltr"><div class="gmail_default"><div class="gmail_default"><font face="verdana, sans-serif">Hi Deepak,</font></div><div class="gmail_default"><font face="verdana, sans-serif">What you did was disable unsecured connections to the directory service.</font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif">As such, use LDAPS to connect and enable unsecured connections again:</font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif">ldapmodify -D "cn=directory manager" -W -H ldaps://`hostname`</font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif">dn: cn=config</font></div><div class="gmail_default"><font face="verdana, sans-serif">changetype: modify</font></div><div class="gmail_default"><font face="verdana, sans-serif">replace: nsslapd-minssf</font></div><div class="gmail_default"><font face="verdana, sans-serif">nsslapd-minssf: 0</font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif">If the directory service is stopped, you can edit the attribute in /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif and start the service.</font></div><div class="gmail_default"><font face="verdana, sans-serif"><br></font></div><div class="gmail_default"><font face="verdana, sans-serif">Hope it helps,</font></div><div class="gmail_default"><font face="verdana, sans-serif">Guillermo</font></div></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="color:rgb(51,51,51);font-family:arial,sans-serif;font-size:14px"><br></span></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span 
style="color:rgb(51,51,51);font-family:arial,sans-serif;font-size:14px"><br></span></div><div class="gmail_extra"><br clear="all"><div><div class="gmail-m_-4320786072963891646gmail_signature"><div dir="ltr"><span style="display:inline-block;font-weight:700;font-size:13px;color:rgb(78,38,131);text-transform:uppercase">GUILLERMO</span> <span style="display:inline-block;font-size:13px;color:rgb(78,38,131);text-transform:uppercase">FUENTES</span> <br><span style="display:inline-block;font-size:11px;color:rgb(176,176,176);text-transform:uppercase;line-height:18px">SENIOR SYSTEMS ADMINISTRATOR</span><p style="padding-left:1px">T: <a href="tel:561-880-2998%20x1337" value="+15618802998" target="_blank">561-880-2998 x1337</a></p><p>E: <a href="mailto:guillermo.fuentes@modmed.com" target="_blank">guillermo.fuentes@modmed.com</a></p></div></div></div>
<br><div class="gmail_quote">On Thu, Oct 20, 2016 at 8:03 AM, Deepak Dimri <span dir="ltr"><<a href="mailto:deepak_dimri@hotmail.com" target="_blank">deepak_dimri@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div id="gmail-m_-4320786072963891646m_5096667545277076552divtagdefaultwrapper" style="font-size:12pt;color:rgb(0,0,0);font-family:calibri,arial,helvetica,sans-serif">
<p>Hi All, </p>
<p><span style="font-size:12pt"><br>
</span></p>
<p><span style="font-size:12pt">I wanted to enable secure LDAP connection on FreeIPA but alas after changing cn=config </span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">nsslapd-minssf </span><span style="font-size:12pt">from 0 to 128 I am getting below error:</span></p>
<p></p>
<p><br>
</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">ipactl restart</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">Failed to read data from Directory Service: Unknown error when retrieving list of services from LDAP: Server is unwilling to perform: Minimum SSF not met.</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">Shutting down</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1"><br>
</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">When trying to put back the original nsslapd-minssf to "0" I am getting below error: </span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">modifying entry "cn=config"</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">ldap_modify: Server is unwilling to perform (53)</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1"><span class="gmail-m_-4320786072963891646m_5096667545277076552Apple-tab-span"></span>additional info: Minimum SSF not met.</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p2"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1"></span><br>
</p>
I tried below configuration but still getting unwilling to perform (53) Minimum SSF not met Error.
<p></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><br>
</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">dn: cn=config</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">changetype: modify</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">replace: nsslapd-minssf</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">nsslapd-minssf: 10</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">-</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">replace: nsslapd-allow-anonymous-access</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">nsslapd-allow-anonymous-access<wbr>: on</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">-</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">replace: nsslapd-minssf-exclude-rootdse</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1">nsslapd-minssf-exclude-rootdse<wbr>: off</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><span class="gmail-m_-4320786072963891646m_5096667545277076552s1"><br>
</span></p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1">I am following the steps mentioned here: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SecureConnections.html" class="gmail-m_-4320786072963891646m_5096667545277076552OWAAutoLink" id="gmail-m_-4320786072963891646m_5096667545277076552LPlnk712058" target="_blank">https://access.redhat.co<wbr>m/documentation/en-US/Red_Hat_<wbr>Directory_Server/8.2/html/Admi<wbr>nistration_Guide/SecureConnect<wbr>ions.html</a></p>
<br>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><br>
</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1">How can I get LDAPS working on my FreeIPA?</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1"><br>
</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1">Many Thanks,</p>
<p class="gmail-m_-4320786072963891646m_5096667545277076552p1">Deepak</p>
<p></p>
<p></p>
</div>
</div>
<br>--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div></div>
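<p>The offline route from the reply above (edit nsslapd-minssf in dse.ldif while the directory service is stopped), as an added shell example that is not part of the original thread. The function names get_minssf and set_minssf are hypothetical helpers; the dse.ldif path in the comment is the one quoted in the reply.</p>

```shell
#!/bin/sh
# Added example (not from the thread): offline edit of nsslapd-minssf.
# Run only while the directory service is stopped, e.g.
#   set_minssf /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif 0

# get_minssf FILE: print nsslapd-minssf from the "dn: cn=config" entry.
get_minssf() {
    awk '
        /^$/ { in_cfg = 0 }
        tolower($0) ~ /^dn:[ ]*cn=config[ ]*$/ { in_cfg = 1 }
        in_cfg && tolower($0) ~ /^nsslapd-minssf:/ {
            sub(/^[^:]*:[ ]*/, ""); print; exit
        }
    ' "$1"
}

# set_minssf FILE VALUE: set nsslapd-minssf in the cn=config entry only.
# The trailing colon in the match keeps nsslapd-minssf-exclude-rootdse
# untouched. Returns 2 on bad arguments, 3 if there is no cn=config entry.
set_minssf() {
    file=$1
    value=$2
    case $value in
        ''|*[!0-9]*) echo "minssf must be a non-negative integer" >&2
                     return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cp -p "$file" "$file.bak" || return 1      # keep the previous config
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v v="$value" '
        function add_if_missing() {
            if (in_cfg && !done) { print "nsslapd-minssf: " v; done = 1 }
        }
        /^$/ { add_if_missing(); in_cfg = 0; print; next }
        tolower($0) ~ /^dn:[ ]*cn=config[ ]*$/ { in_cfg = 1; print; next }
        in_cfg && tolower($0) ~ /^nsslapd-minssf:/ {
            if (!done) { print "nsslapd-minssf: " v; done = 1 }
            next
        }
        { print }
        END { add_if_missing(); exit(done ? 0 : 3) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 3; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

<p>The previous configuration is kept next to the file as dse.ldif.bak, so the change can be compared or reverted before the service is started again.</p>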