Natxo Asenjo via FreeIPA-users wrote:
> hi,
> in chapter 36
> (
> <>)
> we have instructions on disabling anonymous binds.
> Can I set these settings in dse.ldif instead of using the ldapmodify
> commando? I think cn=config is not replicated

That is correct. You'll need to make the changes to all current masters
and remember to apply them to any new ones in the future.

> So I could still set this in dse.ldif (both to disable anonymous binds
> as to force using encryption):
> nsslapd-allow-anonymous-access: rootdse
> nsslapd-minssf: 56

Yes that will work.

Remember, you must make changes to dse.ldif while 389-ds is stopped.

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to