[Users] Free IPA + oVirt setup fails

Juan Hernandez jhernand at redhat.com
Sat Nov 23 20:03:55 UTC 2013

On 11/23/2013 07:36 PM, i iordanov wrote:
> Hi Juan,
> I found the setting in the file you pointed me to:
>     nsslapd-minssf: 0
> I changed it to 1, but as soon as I restart the ipa service with:
>     systemctl restart ipa
> or reboot it reverts back to 0! Why is this happening?

Did you change it while the server was running? If so, during stop the
server will probably overwrite the file. Try to change it after stopping
the server:

# systemctl stop dirsrv@YOUR-REALM
# sed -r -i 's/^(nsslapd-minssf):.*$/\1: 1/' YOUR-CONFIG-FILE
# systemctl start dirsrv@YOUR-REALM

In fact, modifying the file is not good practice; you may prefer to do it
using LDAP:

# cat > fixssf.ldif <<.
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 1
.
# ldapmodify -H ldap://your.ldap.server -D 'cn=Directory Manager' -x \
    -w your_directory_manager_password -f fixssf.ldif

I have just tested this in my local environment and with minssf=1 it
works correctly, including the ability to search for users in the LDAP
directory from the administration GUI and using those users to log in to
both the administration GUI and to the user portal.
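
The stop, edit, start sequence from this message, as an added example that is not part of the original post or of the FreeIPA/oVirt projects: it refuses to edit while the server is running, keeps a backup, and reads the value back from the cn=config entry. The function names, the ns-slapd process name and the sample file contents are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check and set nsslapd-minssf in the
# directory server's LDIF configuration file, editing only while it is stopped.

# Assumption: the directory server daemon process is named ns-slapd.
server_running() { pgrep -x ns-slapd >/dev/null 2>&1; }

# Print the nsslapd-minssf value from the cn=config entry; non-zero if absent.
get_minssf() {
    awk '
        /^$/ { in_cfg = 0 }                          # blank line ends an entry
        tolower($0) ~ /^dn:[ ]*cn=config[ ]*$/ { in_cfg = 1; next }
        in_cfg && tolower($1) == "nsslapd-minssf:" { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Set nsslapd-minssf to VALUE in FILE and confirm the new value was written.
set_minssf_offline() {
    local file="$1" value="$2"
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 2 ;;
    esac
    if server_running; then
        # A running server rewrites its config file on shutdown, undoing the edit.
        echo "directory server is running; stop it before editing" >&2
        return 1
    fi
    cp -p -- "$file" "$file.bak" || return 1        # keep a rollback copy
    sed -r -i "s/^(nsslapd-minssf):.*$/\1: $value/" "$file" || return 1
    [ "$(get_minssf "$file")" = "$value" ]
}

# Constructed sample input: a minimal stand-in for the real configuration file.
write_sample_config() {
    printf '%s\n' 'dn: cn=config' 'cn: config' 'nsslapd-port: 389' \
        'nsslapd-minssf: 0' '' 'dn: cn=monitor' 'cn: monitor' > "$1"
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && write_sample_config "$f"
    echo "before: $(get_minssf "$f")"
    set_minssf_offline "$f" 1 && echo "after: $(get_minssf "$f")"
    rm -f "$f" "$f.bak"
fi
```

Run the script with `--demo` to see the before and after values on the constructed sample; after a real restart, calling `get_minssf` on the live file again shows whether the change survived.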

