On 22/12/2016 11:42, Brian Candler wrote:
Now, under cn=config, I see:
nsslapd-allowed-sasl-mechanisms:
(i.e. empty).
I tried changing this to "NTLM" and it accepted the change.
Aside: I'm also stuck changing it back to what it was :-(
None of these works:
dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
nsslapd-allowed-sasl-mechanisms:
-
# Server is unwilling to perform (53)
dn: cn=config
changetype: modify
delete: nsslapd-allowed-sasl-mechanisms
-
# Server is unwilling to perform (53)
# additional info: Deleting attributes is not allowed
dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
-
# accepted, but doesn't change the value of the attribute
So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI EXTERNAL".
But that means this server is in a different config state to its replica
peers, which I wonder might bite me one day.
Thanks,
Brian.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
