Most options in cn=config can be changed while the server is still online. Since you also need to reset the DM password it makes sense to shut it off first.
A brute force way and simple way is to shut down all instances on your machine: systemctl stop dirsrv.target Start it back up in a similar way. I'd recommend you make a backup of dse.ldif just in case prior to making any changes. rob Christian Palacios wrote: > Thank you Rob. I checked the dse.ldif file and it was set to on. In > order to shutdown the server to make the changes, what command should I > use? Lots of help, thanks! > > On Thu, Jul 28, 2022 at 8:53 AM Rob Crittenden <[email protected] > <mailto:[email protected]>> wrote: > > Jeremiah Garmatter wrote: > > Christian, > > > > I had to do this recently so it's still pretty fresh. You need to > track > > down the dse.ldif file on the server hosting 389. dse.ldif is like the > > main config for your 389 instance. My file is in > > /etc/dirsrv/slapd-<hostname>/dse.ldif. > > Once you find that file, look for the cn=config section and set > > "nsslapd-allow-anonymous-access" to "off". You may want to do the same > > with "nsslapd-allow-unauthenticated-binds" which allows binds to occur > > with an empty password. > > > > You can set the Directory Manager account password from that file as > > well with the "nsslapd-rootpw" setting. The value of that setting must > > be the hash of the desired password. You must use the same hashing > > algorithm as described in the passwordStorageScheme. > > Then restart the 389 service and you'll have a new directory manager > > password and disabled anonymous binds. > > Not commenting specifically on the settings but any direct changes to > dse.ldif need to be done while the server is shut down otherwise they > will be overwritten when the server stops. So stop the server, make > changes, restart. > > rob > > > > > -Jeremiah Garmatter, Systems Administrator > > -Ohio Northern University, Class of 2020 > > -Work: 419-772-1074 > > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > > > > On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios > > <[email protected] > <mailto:[email protected]> > <mailto:[email protected] > <mailto:[email protected]>>> wrote: > > > > Hi there, > > > > We have an instance of 389 and I have been asked to disable > > anonymous bind on it because our current security policies don't > > allow it. Can you please suggest ways to fix this? > Unfortunately, > > I don't have the admin account, so I'm hoping to also get help > with > > that. > > > > Thank you, > > -Christian > > _______________________________________________ > > 389-users mailing list -- [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > To unsubscribe send an email to > > [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > > > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > > > > _______________________________________________ > > 389-users mailing list -- [email protected] > <mailto:[email protected]> > > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > 389-users mailing list -- [email protected] > <mailto:[email protected]> > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
