Re: [Freeipa-users] Getting Minimum SSF not met.

2016-10-20 Thread Guillermo Fuentes
Hi Deepak,
What you did was disable unsecure connections to the directory service.

As such, use LDAPS to connect and enable unsecure connections again:

ldapmodify -D "cn=directory manager" -W -H ldaps://`hostname`

dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 0


If the directory service is stopped, you can edit the attribute
in /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif and start the service.

Hope it helps,
Guillermo



GUILLERMO FUENTES
SENIOR SYSTEMS ADMINISTRATOR

T: 561-880-2998 x1337

E: guillermo.fuen...@modmed.com





On Thu, Oct 20, 2016 at 8:03 AM, Deepak Dimri 
wrote:

> Hi All,
>
>
> I wanted to enable secure LDAP connection on freeIPA but alas after
> changing cn=config nsslapd-minssf from 0 to 128 I am getting below error:
>
>
> ipactl restart
>
> Failed to read data from Directory Service: Unknown error when retrieving
> list of services from LDAP: Server is unwilling to perform: Minimum SSF not
> met.
>
> Shutting down
>
>
> When trying to put back the original nsslapd-minssf to "0" I am getting below
> error:
>
> modifying entry "cn=config"
>
> ldap_modify: Server is unwilling to perform (53)
>
> additional info: Minimum SSF not met.
>
>
> I tried below configuration but still getting unwilling to perform (53)
> Minimum SSF not met Error.
>
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-minssf
> nsslapd-minssf: 10
> -
> replace: nsslapd-allow-anonymous-access
> nsslapd-allow-anonymous-access: on
> -
> replace: nsslapd-minssf-exclude-rootdse
> nsslapd-minssf-exclude-rootdse: off
>
>
> I am following the steps mentioned here:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SecureConnections.html
> Chapter 14. Configuring Secure Connections - Red Hat Support
> 
> access.redhat.com
> By default, clients and users connect to the Red Hat Directory Server over
> a standard connection. Standard connections do not use any encryption, so
> information is ...
>
>
> How can I get LDAPS working on my FreeIPA?
>
>
> Many Thanks,
>
> Deepak
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
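
The offline recovery path from the reply above (edit the attribute in dse.ldif while the directory service is stopped), written out as an added example that is not part of the original thread. The function names, the .pre-minssf backup suffix and the sample LDIF are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the thread. Function names and the .pre-minssf
# backup suffix are assumptions. Run set_minssf only with the service stopped.

# get_minssf FILE: print nsslapd-minssf from the "dn: cn=config" entry only.
get_minssf() {
    awk 'tolower($0) ~ /^dn: *cn=config$/ { in_cfg = 1; next }
         /^$/ { in_cfg = 0 }
         in_cfg && tolower($0) ~ /^nsslapd-minssf:/ { sub(/^[^:]*: */, ""); print; exit }' "$1"
}

# set_minssf FILE VALUE: set nsslapd-minssf in cn=config; keeps FILE.pre-minssf.
set_minssf() {
    file=$1 value=$2
    case $value in ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.pre-minssf" || return 1
    tmp=$(mktemp) || return 1
    awk -v val="$value" '
        function emit() { print "nsslapd-minssf: " val; seen = 1 }
        tolower($0) ~ /^dn: *cn=config$/ { in_cfg = 1; seen = 0; print; next }
        /^$/ { if (in_cfg && !seen) emit(); in_cfg = 0; print; next }  # blank line ends the entry
        in_cfg && tolower($0) ~ /^nsslapd-minssf:/ { if (!seen) emit(); next }
        { print }
        END { if (in_cfg && !seen) emit() }
    ' "$file.pre-minssf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the owner and mode of dse.ldif are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample standing in for /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'dn: cn=config' 'cn: config' 'nsslapd-minssf: 128' \
        'nsslapd-minssf-exclude-rootdse: off' '' \
        'dn: cn=encryption,cn=config' 'cn: encryption' > "$d/dse.ldif"
    set_minssf "$d/dse.ldif" 0 && get_minssf "$d/dse.ldif"
    rm -rf "$d"
}
demo
```

The rewrite is scoped to the cn=config entry, so nsslapd-minssf-exclude-rootdse and attributes in other entries are left as they were.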

[Freeipa-users] Getting Minimum SSF not met.

2016-10-20 Thread Deepak Dimri
Hi All,


I wanted to enable secure LDAP connection on freeIPA but alas after changing
cn=config nsslapd-minssf from 0 to 128 I am getting below error:


ipactl restart

Failed to read data from Directory Service: Unknown error when retrieving list 
of services from LDAP: Server is unwilling to perform: Minimum SSF not met.

Shutting down


When trying to put back the original nsslapd-minssf to "0" I am getting below
error:

modifying entry "cn=config"

ldap_modify: Server is unwilling to perform (53)

additional info: Minimum SSF not met.


I tried below configuration but still getting unwilling to perform (53) Minimum 
SSF not met Error.


dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 10
-
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: on
-
replace: nsslapd-minssf-exclude-rootdse
nsslapd-minssf-exclude-rootdse: off


I am following the steps mentioned here: 
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SecureConnections.html

Chapter 14. Configuring Secure Connections - Red Hat 
Support
access.redhat.com
By default, clients and users connect to the Red Hat Directory Server over a 
standard connection. Standard connections do not use any encryption, so 
information is ...




How can I get LDAPS working on my FreeIPA?


Many Thanks,

Deepak