Environment
eDirectory
Situation
After updating an LDAP server object's ciphers and applying the changes, the same set of ciphers were still available for connections to the LDAP server.
Resolution
Cipher changes are one of the few things that require a restart of ldap services. To restart ldap you can:
- stop nldap (nldap -u) & start nldap (nldap -l)
- restart eDirectory (rcndsd restart)
(Note: the linux commands are in parentheses).
Additional Information
To serve as a reminder, the iManager plug-in has been updated (in iManager 2.7 SP7 Patch 7 and later) to include the following message after modifying the cipher level:
As the LDAP service is not automatically restarted when applying changes to the ldap server object, processes/services that rely on LDAP being up/available are no impacted (for example: current ldap binds and queries).
As the LDAP service is not automatically restarted when applying changes to the ldap server object, processes/services that rely on LDAP being up/available are no impacted (for example: current ldap binds and queries).