On 22/12/2016 14:08, Alexander Bokovoy wrote:
dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
-
# accepted, but doesn't change the value of the attribute
So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI
EXTERNAL". But that means this server is in a different config state
to its replica peers, which I wonder might bite me one day.
You can shut the server down (ipactl stop), change the value in the
config (/etc/dirsrv/slapd-INSTANCE/dse.ldif) and start the server again
(ipactl start).
Thank you. I looked in this file and the setting wasn't there! But a
bit more investigation showed that the following update *does* update
the config in dse.ldif:
dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
-
However the doesn't become visible until you restart the server. Until
then, doing an ldapsearch on cn=config returns the previous value of
this attribute.
Anyway, all is good now.
Thanks again,
Brian.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
