|
William thank you for reply, bellow is output for certl cmd for this host with error( Failed to get the default state of cipher) To deploy almost identical ldap hosts , the Sys Admin here is using Puppet but unfortunelly are always issues with rpms version mismatch and cfg , can you suggest another solution to deploy multiple ldap hosts all running same version
and almost same cfg , only diff in ldap hosts is the name of DS instance aka :ldap* Here is the output s per your request: certutil -L -d /etc/dirsrv/slapd-ldap2/ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI n1-2.xxx.xxx.xx u,u,u XX Internal Root CA CT,, XX Internal CA CT,, Regards Isabella From: William Brown <wbrown@xxxxxxx> Subject: [389-users] Re: 389-DS Failed to get the default state of cipher To: "389-users@xxxxxxxxxxxxxxxxxxxxxxx" <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Message-ID: <87B2EB8A-BA13-4F9B-979E-252D5423C0C1@xxxxxxx> Content-Type: text/plain; charset=utf-8 > > we have another host with same version and suppose same cfg but never
> saw the error, > > [24/Jun/2020:09:22:54.687024072 -0700] - ERR - Security Initialization
> - _conf_setallciphers - Failed to get the default state of cipher
> (null) I'm curious - how did you make a host with the same config? Normally with 389 you need to configure both individually to look the same but you can't copy-paste config files etc.
My guess here is that perhaps your nss db isn't configured properly, so I'd want to see the output of certutil -L -d /etc/dirsrv/slapd-<instance>/ on the affected host.
— Sincerely, William Brown |
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
