Re: upgrade to 389-ds-base-1.3.4 Q

[ghiureai <isabella.ghiurea@xxxxxxxxxxxxxx>]

On 12/01/2015 11:42 AM, ghiureai wrote:

Rich, pls see the answers to your Q's (   the DS upgrade worked but the  DS Admin set up will not behave same way )

...

setup-ds-admin.pl -u

this will not give the noption for upgrade like with (setup-ds.pl -u)
see the menu bellow
setup-ds-admin.pl -u

==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  Would you like to continue with set up? [yes]:

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

Would you like to continue? [no]: yes

==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

2 ....................................................................

...

What repo are you using? What platform is this? If you are using el6 or el7 you must use epel6 or epel7 to get the admin/console packages.

...

Linux  2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013 x86_64 x86_64 x86_64 GNU/Linux
epel6
rpm -qa | grep 389-*
389-ds-console-1.2.12-000.x86_64
389-ds-base-1.3.4.4-000.x86_64
389-admin-1.1.42-000.x86_64
389-admin-console-1.1.10-000.x86_64
389-adminutil-1.1.22-000.x86_64
389-console-1.1.9-000.x86_64



On 12/01/2015 10:42 AM, ghiureai wrote:

Thank you Rich for reply one more related issues I see :

When need to run the  ds admin update  I do not see the  options for 
update,  seems goes back and asks all the Q's  as a new fresh 
installation ( ??)
What we are missing from this upgrade installation here is what is been 
installed
    grep 389-*
389-ds-console-1.2.12-000.x86_64
389-admin-1.1.42-000.x86_64
389-ds-base-1.3.4.4-000.x86_64
389-console-1.1.9-000.x86_64
389-admin-console-1.1.10-000.x86_64
389-adminutil-1.1.22-000.x86_64





On 12/01/2015 09:07 AM, ghiureai wrote:

Hi List,
we are tying to upgrade to 389-ds 1.3.4 from 1.2.2 , after rpm installed
and update the server ,  when restarting the DS geting the following in
DS errorlog, there is no such  "entryallowWeakCipher" in cfg file , what
should we dissable see entries for this cn

   SSL alert: Cipher rsa_rc4_128_md5 is weak. It is enabled since
allowWeakCipher is "on" (default setting for the backward
compatibility). We strongly recommend to set it to "off".  Please
replace the value of allowWeakCipher with "off" in the encryption config
entry cn=encryption,cn=config and restart the server.

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSL2: off

nsSSL3: off ----->>> This was on but turn to "off"

creatorsName: cn=server,cn=plugins,cn=config
modifiersName:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
   t
createTimestamp: xxxxxxxxxxxxxxxx
modifyTimestamp:xxxxxxxxxxxxxxxxxxxx
nsSSL3Ciphers:
-rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+r
   sa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha
   ,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_
   56_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha


xxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx

Thank you for your time
Isabella

--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx