Re: Disable Anonymous Bind

Most options in cn=config can be changed while the server is still
online. Since you also need to reset the DM password it makes sense to
shut it off first.

A brute-force and simple way is to shut down all instances on your
machine: systemctl stop dirsrv.target

Start it back up in a similar way.

I'd recommend you make a backup of dse.ldif just in case prior to making
any changes.

rob

Christian Palacios wrote:
> Thank you Rob.  I checked the dse.ldif file and it was set to on.  In
> order to shut down the server to make the changes, what command should I
> use?  Lots of help, thanks!
> 
> On Thu, Jul 28, 2022 at 8:53 AM Rob Crittenden <rcritten@xxxxxxxxxx> wrote:
> 
>     Jeremiah Garmatter wrote:
>     > Christian,
>     >
>     > I had to do this recently so it's still pretty fresh. You need to track
>     > down the dse.ldif file on the server hosting 389. dse.ldif is like the
>     > main config for your 389 instance. My file is in
>     > /etc/dirsrv/slapd-<hostname>/dse.ldif.
>     > Once you find that file, look for the cn=config section and set
>     > "nsslapd-allow-anonymous-access" to "off". You may want to do the same
>     > with "nsslapd-allow-unauthenticated-binds" which allows binds to occur
>     > with an empty password.
>     >
>     > You can set the Directory Manager account password from that file as
>     > well with the "nsslapd-rootpw" setting. The value of that setting must
>     > be the hash of the desired password. You must use the same hashing
>     > algorithm as described in the passwordStorageScheme.
>     > Then restart the 389 service and you'll have a new directory manager
>     > password and disabled anonymous binds.
> 
>     Not commenting specifically on the settings but any direct changes to
>     dse.ldif need to be done while the server is shut down otherwise they
>     will be overwritten when the server stops. So stop the server, make
>     changes, restart.
> 
>     rob
> 
>     >
>     > -Jeremiah Garmatter, Systems Administrator
>     > -Ohio Northern University, Class of 2020
>     > -Work: 419-772-1074
>     > -j-garmatter@xxxxxxx
>     >
>     >
>     > On Thu, Jul 28, 2022 at 10:29 AM Christian Palacios
>     > <christiandpalacios@xxxxxxxxx> wrote:
>     >
>     >     Hi there,
>     >
>     >     We have an instance of 389 and I have been asked to disable
>     >     anonymous bind on it because our current security policies don't
>     >     allow it.  Can you please suggest ways to fix this?  Unfortunately,
>     >     I don't have the admin account, so I'm hoping to also get help with
>     >     that.
>     >
>     >     Thank you,
>     >     -Christian
>     >     _______________________________________________
>     >     389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>     >     To unsubscribe send an email to
>     >     389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>     >     Fedora Code of Conduct:
>     >     https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>     >     List Guidelines:
>     >     https://fedoraproject.org/wiki/Mailing_list_guidelines
>     >     List Archives:
>     >     https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
>     >     Do not reply to spam on the list, report it:
>     >     https://pagure.io/fedora-infrastructure
>     >
>     >
>     >
> 
> 
> 
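
The offline procedure discussed in this thread (stop the server, back up dse.ldif, turn off both bind settings in cn=config, start again), as an added example that is not part of the original messages. The helper names and the path argument are assumptions; nsslapd-rootpw is not touched.

```shell
#!/bin/sh
# Added example (not from the thread): offline edit of dse.ldif.
set -eu

# set_config_attr FILE ATTR VALUE (hypothetical helper)
# Sets ATTR in the "dn: cn=config" entry only; appends it if the entry lacks it.
set_config_attr() {
    file=$1 attr=$2 value=$3
    tmp=$(mktemp "${file}.XXXXXX")
    awk -v attr="$attr" -v value="$value" '
        function close_entry() {            # entry ends: add attr if never seen
            if (in_cfg && !seen) print attr ": " value
            in_cfg = 0; seen = 0
        }
        /^$/ { close_entry(); print; next } # LDIF entries end at a blank line
        tolower($0) == "dn: cn=config" { in_cfg = 1; print; next }
        in_cfg && index(tolower($0), tolower(attr) ":") == 1 {
            if (!seen) print attr ": " value
            seen = 1; next
        }
        { print }
        END { close_entry() }
    ' "$file" > "$tmp"
    # Overwrite in place so owner, mode and SELinux label of dse.ldif are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# harden_dse FILE: back up, then turn off both bind settings named in the thread.
harden_dse() {
    dse=$1
    # cp -p keeps the restrictive mode; the backup also holds the nsslapd-rootpw hash.
    cp -p "$dse" "$dse.bak.$(date +%Y%m%d%H%M%S)"
    set_config_attr "$dse" nsslapd-allow-anonymous-access off
    set_config_attr "$dse" nsslapd-allow-unauthenticated-binds off
}

# Only touch a real server when a dse.ldif path is passed as $1.
if [ -n "${1:-}" ]; then
    systemctl stop dirsrv.target    # direct edits are lost if the server is running
    harden_dse "$1"
    systemctl start dirsrv.target
fi
```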