35.2. Configuring the Directory Server Component

To configure Directory Server (DS) manually:
  1. Stop DS:
    # systemctl stop dirsrv@EXAMPLE-COM.service
  2. Open the /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif file, and modify the cn=encryption,cn=config entry to set the following:
    sslVersionMin: TLS1.2
  3. Start DS:
    # systemctl start dirsrv@EXAMPLE-COM.service
Alternatively, to configure DS automatically using the ldapmodify utility:
  1. Use ldapmodify to make the configuration changes for you:
    ldapmodify -h localhost -p 389 -D 'cn=directory manager' -W << EOF
    dn: cn=encryption,cn=config
    changeType: modify
    replace: sslVersionMin
    sslVersionMin: TLS1.2
  2. Restart DS to load the new configuration:
    # systemctl restart dirsrv@EXAMPLE-COM.service