Natxo Asenjo via FreeIPA-users wrote: > hi, > > in chapter 36 > (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/linux_domain_identity_authentication_and_policy_guide/Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf > <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/linux_domain_identity_authentication_and_policy_guide/Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf>) > we have instructions on disabling anonymous binds. > > Can I set these settings in dse.ldif instead of using the ldapmodify > commando? I think cn=config is not replicated
That is correct. You'll need to make the changes to all current masters and remember to apply them to any new ones in the future. > > So I could still set this in dse.ldif (both to disable anonymous binds > as to force using encryption): > > nsslapd-allow-anonymous-access: rootdse > nsslapd-minssf: 56 Yes that will work. Remember, you must make changes to dse.ldif while 389-ds is stopped. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org