On 11/23/2013 07:36 PM, i iordanov wrote:
Hi Juan,
I found the setting in the file you pointed me to:
nsslapd-minssf: 0
I changed it to 1, but as soon as I restart the ipa service with:
systemctl restart ipa
or reboot it reverts back to 0! Why is this happening?
Did you change it while the server was running? If so during stop the
server will probably overwrite the file. Try to change it after stopping
the server:
# systemctl stop dirsrv@YOUR-REALM
# sed -r -i 's/^(nsslapd-minssf):.*$/\1: 1/'
/etc/dirsrv/slapd-YOUR-REALM/dse.ldif
# systemctl start dirsrv@YOUR-REALM
In fact modifying the file is not good practice, you may prefer to do it
using LDAP:
# cat > fixssf.ldif <<.
dn: cn=config
replace: nsslapd-minssf
nsslapd-minssf: 1
-
.
# ldapmodify -H ldap://your.ldap.server -D 'cn=Directory Manager' -x -w
your_directory_manager_password -f fixssf.ldif
I have just tested this in my local environment and with minssf=1 it
works correctly, including the ability to search for users in the LDAP
directory from the administration GUI and using those users to log in to
both the administration GUI and to the user portal.
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.