On 22/12/2016 11:42, Brian Candler wrote:
Now, under cn=config, I see:

    nsslapd-allowed-sasl-mechanisms:

(i.e. empty).

I tried changing this to "NTLM" and it accepted the change.

Aside: I'm also stuck changing it back to what it was :-(

None of these works:

dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
nsslapd-allowed-sasl-mechanisms:
-
# Server is unwilling to perform (53)

dn: cn=config
changetype: modify
delete: nsslapd-allowed-sasl-mechanisms
-
# Server is unwilling to perform (53)
#    additional info: Deleting attributes is not allowed

dn: cn=config
changetype: modify
replace: nsslapd-allowed-sasl-mechanisms
-
# accepted, but doesn't change the value of the attribute

So for now, I've set "nsslapd-allowed-sasl-mechanisms: GSSAPI EXTERNAL". But that means this server is in a different config state to its replica peers, which I wonder might bite me one day.

Thanks,

Brian.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to