Hi Deepak,

What you did was disable unsecure connections to the directory service.
As such, use LDAPS to connect and enable unsecure connections again:

ldapmodify -D "cn=directory manager" -W -H ldaps://`hostname`
dn: cn=config
changetype: modify
replace: nsslapd-minssf
nsslapd-minssf: 0

If the directory service is stopped, you can edit the attribute in
/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif and start the service.

Hope it helps,
Guillermo

GUILLERMO FUENTES
SENIOR SYSTEMS ADMINISTRATOR

On Thu, Oct 20, 2016 at 8:03 AM, Deepak Dimri wrote:
> Hi All,
>
> I wanted to enable secure LDAP connection on FreeIPA but alas after
> changing cn=config nsslapd-minssf from 0 to 128 I am getting below error:
>
> ipactl restart
> Failed to read data from Directory Service: Unknown error when retrieving
> list of services from LDAP: Server is unwilling to perform: Minimum SSF not
> met.
> Shutting down
>
> When trying to put back the original nsslapd-minssf to "0" I am getting below
> error:
>
> modifying entry "cn=config"
> ldap_modify: Server is unwilling to perform (53)
> additional info: Minimum SSF not met.
>
> I tried below configuration but still getting unwilling to perform (53)
> Minimum SSF not met Error.
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-minssf
> nsslapd-minssf: 10
> -
> replace: nsslapd-allow-anonymous-access
> nsslapd-allow-anonymous-access: on
> -
> replace: nsslapd-minssf-exclude-rootdse
> nsslapd-minssf-exclude-rootdse: off
>
> I am following the steps mentioned here:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SecureConnections.html
>
> Chapter 14. Configuring Secure Connections - Red Hat Support
> access.redhat.com
> By default, clients and users connect to the Red Hat Directory Server over
> a standard connection. Standard connections do not use any encryption, so
> information is ...
>
> How can I get LDAPS working on my FreeIPA?
>
> Many Thanks,
> Deepak
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
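
Added example, not part of the original thread: one way to do the offline dse.ldif edit the reply mentions, changing nsslapd-minssf only inside the cn=config entry and keeping a backup. The function names set_minssf and get_minssf are hypothetical, and the script assumes the directory service is already stopped.

```shell
#!/bin/sh
# Added example (not from the thread). Use only while dirsrv is stopped:
# the server rewrites dse.ldif while running, so edits made then are lost.

# get_minssf FILE: print nsslapd-minssf from the cn=config entry, if set.
get_minssf() {
    awk '/^$/ { in_cfg = 0 }
         tolower($0) ~ /^dn:[ ]*cn=config[ ]*$/ { in_cfg = 1 }
         in_cfg && tolower($0) ~ /^nsslapd-minssf:/ {
             sub(/^[^:]*:[ ]*/, ""); print; exit }' "$1"
}

# set_minssf FILE VALUE: set nsslapd-minssf in the cn=config entry only,
# adding the attribute when it is absent. The original is kept as FILE.bak.
set_minssf() {
    file=$1; value=$2
    case $value in
        ''|*[!0-9]*) echo "minssf must be a non-negative integer" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    tmp=$(mktemp) || return 1
    awk -v val="$value" '
        function emit() { print "nsslapd-minssf: " val; written = 1 }
        /^$/ { if (in_cfg && !written) emit(); in_cfg = 0; print; next }
        tolower($0) ~ /^dn:[ ]*cn=config[ ]*$/ { in_cfg = 1; print; next }
        # The trailing colon keeps nsslapd-minssf-exclude-rootdse untouched.
        in_cfg && tolower($0) ~ /^nsslapd-minssf:/ { if (!written) emit(); next }
        { print }
        END { if (in_cfg && !written) emit(); exit (written ? 0 : 3) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; echo "failed to rewrite cn=config in $file" >&2; return 3; }
    # Write through the existing inode so owner, mode and SELinux label survive.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed dse.ldif fragment (not a real server file).
demo=$(mktemp)
printf '%s\n' 'dn: cn=config' 'nsslapd-minssf: 128' '' 'dn: cn=schema' > "$demo"
set_minssf "$demo" 0 && echo "minssf now: $(get_minssf "$demo")"
rm -f "$demo" "$demo.bak"
```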
