Djerk Geurts via FreeIPA-users wrote: > I'm trying to disable anonymous bind, in fact until today I thought I had. > But alas nsslapd-allow-anonymous-access is on and I'm unable to turn it off. > > ``` > user@ipa:~$ ldapsearch -x -H LDAP://ipa.domain.com:389 -D 'cn=Directory > Manager' -W "(objectClass=*)" -b cn=config -s base > nsslapd-allow-anonymous-access > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <cn=config> with scope baseObject > # filter: (objectClass=*) > # requesting: nsslapd-allow-anonymous-access > # > > # config > dn: cn=config > nsslapd-allow-anonymous-access: on > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > ``` > > I don't get any errors, but I don't see the value changed configuration > either: > > ``` > user@ipa:~$ ldapmodify -x -D 'cn=Directory Manager' -W -H > LDAP://ipa.domain.com:389 > Enter LDAP Password: > dc: cn=config > changetype: modify > replace: nsslapd-allow-anonymous-access > nsslapd-allow-anonymous-access: rootdse > > user@ipa:~$ > ```
You have dc: cn=config and not dn: cn=config. After the modify you should see something like: modifying entry "cn=config" I think it's still waiting for a dn to operate on, hence no error. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
