Thank you Rob. I checked the dse.ldif file and it was set to on. In order to shutdown the server to make the changes, what command should I use? Lots of help, thanks!
On Thu, Jul 28, 2022 at 8:53 AM Rob Crittenden <[email protected]> wrote: > Jeremiah Garmatter wrote: > > Christian, > > > > I had to do this recently so it's still pretty fresh. You need to track > > down the dse.ldif file on the server hosting 389. dse.ldif is like the > > main config for your 389 instance. My file is in > > /etc/dirsrv/slapd-<hostname>/dse.ldif. > > Once you find that file, look for the cn=config section and set > > "nsslapd-allow-anonymous-access" to "off". You may want to do the same > > with "nsslapd-allow-unauthenticated-binds" which allows binds to occur > > with an empty password. > > > > You can set the Directory Manager account password from that file as > > well with the "nsslapd-rootpw" setting. The value of that setting must > > be the hash of the desired password. You must use the same hashing > > algorithm as described in the passwordStorageScheme. > > Then restart the 389 service and you'll have a new directory manager > > password and disabled anonymous binds. > > Not commenting specifically on the settings but any direct changes to > dse.ldif need to be done while the server is shut down otherwise they > will be overwritten when the server stops. So stop the server, make > changes, restart. > > rob > > > > > -Jeremiah Garmatter, Systems Administrator > > -Ohio Northern University, Class of 2020 > > -Work: 419-772-1074 > > [email protected] <mailto:[email protected]> > > > > > > On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios > > <[email protected] <mailto:[email protected]>> > wrote: > > > > Hi there, > > > > We have an instance of 389 and I have been asked to disable > > anonymous bind on it because our current security policies don't > > allow it. Can you please suggest ways to fix this? Unfortunately, > > I don't have the admin account, so I'm hoping to also get help with > > that. > > > > Thank you, > > -Christian > > _______________________________________________ > > 389-users mailing list -- [email protected] > > <mailto:[email protected]> > > To unsubscribe send an email to > > [email protected] > > <mailto:[email protected]> > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > > > > _______________________________________________ > > 389-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
