in chapter 36 (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/linux_domain_identity_authentication_and_policy_guide/Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf) we have instructions on disabling anonymous binds.

Can I set these settings in dse.ldif instead of using the ldapmodify commando? I think cn=config is not replicated

So I could still set this in dse.ldif (both to disable anonymous binds as to force using encryption):

nsslapd-allow-anonymous-access: rootdse
nsslapd-minssf: 56