35.2. Configuring the Directory Server Component

To configure DS automatically using the ldapmodify utility:
  1. Use ldapmodify to make the configuration changes for you:
    ldapmodify -h localhost -p 389 -D 'cn=directory manager' -W << EOF
    dn: cn=encryption,cn=config
    changeType: modify
    replace: sslVersionMin
    sslVersionMin: TLS1.2
    EOF
  2. Restart DS to load the new configuration:
    # systemctl restart dirsrv@EXAMPLE-COM.service
To configure Directory Server (DS) manually:
  1. Stop DS:
    # systemctl stop dirsrv@EXAMPLE-COM.service
  2. Open the /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif file, and modify the cn=encryption,cn=config entry to set the following:
    sslVersionMin: TLS1.2
  3. Start DS:
    # systemctl start dirsrv@EXAMPLE-COM.service

Important

Make sure you shut down the server first before editing the dse.ldif file manually. DS reads this file only once at startup, therefore any manual changes while the server is running will be lost if the configuration changes through LDAP. Editing the dse.ldif file is recommended only for changes to attributes which cannot be altered dynamically.