What LDAP Attributes Require a Restart of Directory Server After Editing?
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- 389-ds-base (IDM & RHDS)
Issue
When editing some attributes with ldapmodify or similar commands, the change does not take effect immediately.
Resolution
These are the attributes that require a restart of the Directory Server:
nsslapd-requiresrestart: cn=config:nsslapd-port
nsslapd-requiresrestart: cn=config:nsslapd-secureport
nsslapd-requiresrestart: cn=config:nsslapd-ldapifilepath
nsslapd-requiresrestart: cn=config:nsslapd-ldapilisten
nsslapd-requiresrestart: cn=config:nsslapd-workingdir
nsslapd-requiresrestart: cn=config:nsslapd-plugin
nsslapd-requiresrestart: cn=config:nsslapd-sslclientauth
nsslapd-requiresrestart: cn=config:nsslapd-changelogdir
nsslapd-requiresrestart: cn=config:nsslapd-changelogsuffix
nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxentries
nsslapd-requiresrestart: cn=config:nsslapd-changelogmaxage
nsslapd-requiresrestart: cn=config:nsslapd-db-locks
nsslapd-requiresrestart: cn=config:nsslapd-maxdescriptors
nsslapd-requiresrestart: cn=config:nsslapd-return-exact-case
nsslapd-requiresrestart: cn=config:nsslapd-schema-ignore-trailing-spaces
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-idlistscanlimit
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-parentcheck
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbcachesize
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-dbncache
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-cachesize
nsslapd-requiresrestart: cn=config,cn=ldbm:nsslapd-plugin
nsslapd-requiresrestart: cn=encryption,cn=config:nssslsessiontimeout
nsslapd-requiresrestart: cn=encryption,cn=config:nssslclientauth
nsslapd-requiresrestart: cn=encryption,cn=config:nsssl2
nsslapd-requiresrestart: cn=encryption,cn=config:nsssl3
To restart Directory Server on Red Hat Enterprise Linux 7/8:
# systemctl stop dirsrv.target
# systemctl start dirsrv.target
To restart Directory Server on Red Hat Enterprise Linux 6:
# service dirsrv stop
# service dirsrv start
Root Cause
Some attributes, when edited, require a restart of the Directory Server to take effect.
Diagnostic Steps
If we run the command:
# ldapsearch -D 'cn=directory manager' -W -b "cn=config" -s sub -x "(objectclass=*)" | grep nsslapd-requiresrestart
It will show us all the attributes that will require a restart of the Directory Server.
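As an added example (not part of the original article and not Red Hat's code), the shell function below takes the output of the command above saved to a file, plus an LDIF change file intended for ldapmodify, and prints each modification that touches a listed attribute. The function name restart_attrs_in_ldif, the file arguments and the sample values are assumptions; entries are matched exactly as they are written in the list.

```shell
# Added example (not Red Hat's code): list the modifications in an LDIF change
# file that touch an attribute named in nsslapd-requiresrestart.
# $1 = saved output of the Diagnostic Steps pipeline, $2 = LDIF for ldapmodify
restart_attrs_in_ldif() {
    awk '
        # First file: collect listed "entry:attribute" pairs, lower-cased.
        FILENAME == ARGV[1] {
            line = tolower($0)
            if (sub(/^nsslapd-requiresrestart:[ \t]*/, "", line)) {
                sub(/[ \t\r]+$/, "", line)
                listed[line] = 1
            }
            next
        }
        # Second file: remember the current dn, test each modified attribute.
        { line = tolower($0); sub(/[ \t\r]+$/, "", line) }
        line ~ /^dn:/ { dn = line; sub(/^dn:[ \t]*/, "", dn); next }
        line ~ /^(add|replace|delete):/ {
            attr = line; sub(/^[a-z]+:[ \t]*/, "", attr)
            if ((dn ":" attr) in listed) print dn ":" attr
        }
    ' "$1" "$2"
}

# Constructed sample inputs: two list lines copied from this article and a
# hypothetical change file (the values are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/list" <<'EOF'
nsslapd-requiresrestart: cn=config:nsslapd-port
nsslapd-requiresrestart: cn=encryption,cn=config:nsssl3
EOF
    cat > "$tmp/ldif" <<'EOF'
dn: cn=config
changetype: modify
replace: nsslapd-port
nsslapd-port: 1389
-
replace: nsslapd-sizelimit
nsslapd-sizelimit: 5000

dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: off
EOF
    restart_attrs_in_ldif "$tmp/list" "$tmp/ldif"
    rm -rf "$tmp"
}
demo
```

Empty output means none of the modifications in the change file appear in the list; any printed line is a change that stays inactive until the Directory Server is restarted.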