[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssf settings on server restart

To: Christian Bösch <boesch@fhv.at>
Subject: Re: ssf settings on server restart
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Wed, 1 Dec 2010 08:51:17 -0500 (EST)
Cc: openldap-technical@openldap.org
In-reply-to: <BB9CFEA8-3453-4324-A03E-B8FF31C51383@fhv.at>
References: <C1026E5D-5897-4FE7-8E1A-E40AB324B47A@fhv.at> <alpine.SOC.2.00.1011300838190.8222@toolbox.rutgers.edu> <BB9CFEA8-3453-4324-A03E-B8FF31C51383@fhv.at>
User-agent: Alpine 2.00 (SOC 1167 2008-08-23)

On Wed, 1 Dec 2010, Christian Bösch wrote:

yes thats clear.
the above model with global ssf=0 and acls for exceptions is working fine as long i don't restart the slapd.
if i restart slapd, encryption is also required for the defined ips in the acl. then i have to change the global ssf value to something and then
back to ssf=0 and it works again!
i wanted to know why this strange behaviour happens?


Maybe trace out where you start and where you're going:

* stop slapd, check with slapcat -n 0 what your initial ssf= value is

* start slapd and check with ldapsearch that that ssf= value actually ispresent in cn=config


* verify that you're getting behavior that matches what cn=config says

* do your ldapmodify to ssf=1, ldapsearch cn=config to verify, verifybehavior

* do your ldapmodify to ssf=0, ldapsearch cn=config to verify, verifybehavior



Which of these work as expected? Which don't?

Follow-Ups:
- Re: ssf settings on server restart
  - From: Christian Bösch <boesch@fhv.at>

Prev by Date: Re: ACL based on superior entry
Next by Date: Re: ssf settings on server restart
Index(es):
- Chronological
- Thread