[389-users] Re: Disable Anonymous Bind

2022-07-29 Thread Christian Palacios 
Thank you Rob.  I checked the dse.ldif file and it was set to on.  In order
to shutdown the server to make the changes, what command should I use?
Lots of help, thanks!

On Thu, Jul 28, 2022 at 8:53 AM Rob Crittenden  wrote:

> Jeremiah Garmatter wrote:
> > Christian,
> >
> > I had to do this recently so it's still pretty fresh. You need to track
> > down the dse.ldif file on the server hosting 389. dse.ldif is like the
> > main config for your 389 instance. My file is in
> > /etc/dirsrv/slapd-/dse.ldif.
> > Once you find that file, look for the cn=config section and set
> > "nsslapd-allow-anonymous-access" to "off". You may want to do the same
> > with "nsslapd-allow-unauthenticated-binds" which allows binds to occur
> > with an empty password.
> >
> > You can set the Directory Manager account password from that file as
> > well with the "nsslapd-rootpw" setting. The value of that setting must
> > be the hash of the desired password. You must use the same hashing
> > algorithm as described in the passwordStorageScheme.
> > Then restart the 389 service and you'll have a new directory manager
> > password and disabled anonymous binds.
>
> Not commenting specifically on the settings but any direct changes to
> dse.ldif need to be done while the server is shut down otherwise they
> will be overwritten when the server stops. So stop the server, make
> changes, restart.
>
> rob
>
> >
> > -Jeremiah Garmatter, Systems Administrator
> > -Ohio Northern University, Class of 2020
> > -Work: 419-772-1074
> > -j-garmat...@onu.edu <mailto:j-garmat...@onu.edu>
> >
> >
> > On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios
> > mailto:christiandpalac...@gmail.com>>
> wrote:
> >
> > Hi there,
> >
> > We have an instance of 389 and I have been asked to disable
> > anonymous bind on it because our current security policies don't
> > allow it.  Can you please suggest ways to fix this?  Unfortunately,
> > I don't have the admin account, so I'm hoping to also get help with
> > that.
> >
> > Thank you,
> > -Christian
> > ___
> > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > <mailto:389-users@lists.fedoraproject.org>
> > To unsubscribe send an email to
> > 389-users-le...@lists.fedoraproject.org
> > <mailto:389-users-le...@lists.fedoraproject.org>
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> >
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> > Do not reply to spam on the list, report it:
> > https://pagure.io/fedora-infrastructure
> >
> >
> > ___
> > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> > Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
> >
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Disable Anonymous Bind

2022-07-28 Thread Christian Palacios 
Hi there,

We have an instance of 389 and I have been asked to disable anonymous bind
on it because our current security policies don't allow it.  Can you please
suggest ways to fix this?  Unfortunately, I don't have the admin account,
so I'm hoping to also get help with that.

Thank you,
-Christian
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] 389 Management Console problems, help!

2018-05-02 Thread Christian Palacios 
Hi there,

The Directory Server was working just fine, but now when we try to connect
to it using the Management Console (hosted on a Windows VM), it takes a
very long time to connect.  Plus whenever I go to the Directory Server ->
Encryption tab, I get a Connection error.

"java.io.InterruptedIOException: HTTP response timeout"

What should I check on the Directory Server to check why the connection is
so slow??  I need help quickly because this is affecting a major project I
am working on.

Thank you!
-Christian
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org