Already set nsslapd-security off on server 1 <> server 2, but it still produces an error on replication. Is it possible to ignore any cert / StartTLS?

/var/log/dirsrv/slapd-PKI-IPA
[28/Apr/2016:16:51:15 +0800] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not connected)
[26/Apr/2016:18:35:31 +0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)

2016-04-28 16:15 GMT+08:00 Martin Basti <mba...@redhat.com>:

> On 28.04.2016 08:00, Barry wrote:
>
> > Tried, does NOT work: the command cannot bind on 389 or 636, but telnet works.
> >
> > ldapmodify -h ms -p 636 -D cn="Directory Manager" -w << EOF
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-security
> > nsslapd-security: off
> > EOF
> >
> > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> Can you please try to put the FQDN of the LDAP server in option -h?
> I have doubts that -h 'ms' is the server name.
>
> Martin
>
> 2016-04-27 19:29 GMT+08:00 <barry...@gmail.com>:
>
>> Thx, let me try, as I don't want to stop dirsrv but to disable nsslapd
>> security live.
>> On 27 April 2016 at 7:26 PM, "David Kupka" <dku...@redhat.com> wrote:
>>
>>> On 27/04/16 13:15, barry...@gmail.com wrote:
>>>
>>>> Do you mean use ldapmodify?
>>>> I tried updating the dse.ldif but it falls back after a while.
>>>>
>>>> On 27 April 2016 at 7:10 PM, "David Kupka" <dku...@redhat.com> wrote:
>>>>
>>>> On 27/04/16 12:48, barry...@gmail.com wrote:
>>>>
>>>> Hi:
>>>>
>>>> Is it possible to do that without restarting dirsrv?
>>>>
>>>> Thx, regards
>>>>
>>>> barry
>>>>
>>>> Hello Barry,
>>>>
>>>> this ldapsearch should list all attributes that need a restart after
>>>> modification:
>>>>
>>>> $ ldapsearch -D "cn=Directory Manager" -w Secret123 -b cn=config nsslapd-requiresrestart
>>>>
>>>> I don't see nsslapd-security listed so it should be possible to
>>>> change it at runtime.
>>>>
>>>> --
>>>> David Kupka
>>>>
>>> Yes, I mean ldapmodify.
>>>
>>> Editing dse.ldif while dirsrv is running has no effect because it is
>>> read only at start and written at least before exit.
>>>
>>> If you REALLY need to edit dse.ldif be sure to stop dirsrv then edit it
>>> and start dirsrv again.
>>>
>>> --
>>> David Kupka
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
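
A triage sketch for the two error-log lines quoted at the top of this thread, added here as an example; it is not part of any poster's message and not 389-ds or FreeIPA code. It parses each line and separates socket-level failures (LDAP result -1 with a Linux errno such as 107, which occur before any certificate is examined) from other errors. The regular expression, the function names and the errno table are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# The two error-log lines quoted in the thread (slapd-PKI-IPA instance).
SAMPLE = [
    "[28/Apr/2016:16:51:15 +0800] slapi_ldap_bind - Error: could not send "
    "startTLS request: error -1 (Can't contact LDAP server) errno 107 "
    "(Transport endpoint is not connected)",
    "[26/Apr/2016:18:35:31 +0800] slapd_ldap_sasl_interactive_bind - Error: "
    "could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 "
    "(Can't contact LDAP server) ((null)) errno 107 "
    "(Transport endpoint is not connected)",
]

# Assumed pattern, fitted to the lines above; other messages yield None.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<func>\S+) - Error: (?P<msg>.*?)"
    r"(?:LDAP )?error (?P<ldap>-?\d+) \([^)]*\).*?errno (?P<errno>\d+) \("
)
# Linux errno values meaning the TCP connection itself is unusable.
TRANSPORT_ERRNO = {107: "ENOTCONN", 110: "ETIMEDOUT",
                   111: "ECONNREFUSED", 113: "EHOSTUNREACH"}


def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    mech = re.search(r"mech \[(\w+)\]", m["msg"])
    stage = "startTLS" if "startTLS" in m["msg"] else (
        "SASL/" + mech[1] if mech else "bind")
    err = int(m["errno"])
    # LDAP result -1 is LDAP_SERVER_DOWN: the client never reached the server.
    transport = int(m["ldap"]) == -1 and err in TRANSPORT_ERRNO
    return {
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "func": m["func"], "stage": stage, "errno": err,
        "layer": "transport" if transport else "other",
    }


def triage(lines):
    """Count parsed errors by (stage, layer); unparsed lines are skipped."""
    return Counter((r["stage"], r["layer"]) for r in map(parse, lines) if r)


if __name__ == "__main__":
    for key, n in triage(SAMPLE).items():
        print(key, n)
```
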