Djerk Geurts via FreeIPA-users wrote:
I'm trying to disable anonymous bind, in fact until today I
thought I had. But alas nsslapd-allow-anonymous-access is on and I'm unable to turn it
off.
```
user@ipa:~$ ldapsearch -x -H LDAP://ipa.domain.com:389 -D 'cn=Directory Manager'
-W "(objectClass=*)" -b cn=config -s base nsslapd-allow-anonymous-access
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope baseObject
# filter: (objectClass=*)
# requesting: nsslapd-allow-anonymous-access
#
# config
dn: cn=config
nsslapd-allow-anonymous-access: on
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
I don't get any errors, but I don't see the value changed configuration either:
```
user@ipa:~$ ldapmodify -x -D 'cn=Directory Manager' -W -H
LDAP://ipa.domain.com:389
Enter LDAP Password:
dc: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
user@ipa:~$
```
You have dc: cn=config and not dn: cn=config. After the modify you
should see something like:
modifying entry "cn=config"
I think it's still waiting for a dn to operate on, hence no error.
rob