[Freeipa-users] Re: hardening question
Natxo Asenjo via FreeIPA-users wrote:
hi,
in chapter 36
(https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...>)
we have instructions on disabling anonymous binds.
Can I set these settings in dse.ldif instead of using the ldapmodify
commando? I think cn=config is not replicated
That is correct. You'll need to make the changes to all current masters
and remember to apply them to any new ones in the future.
So I could still set this in dse.ldif (both to disable anonymous binds
as to force using encryption):
nsslapd-allow-anonymous-access: rootdse
nsslapd-minssf: 56
Yes that will work.
Remember, you must make changes to dse.ldif while 389-ds is stopped.
rob