> On 13 Aug 2020, at 01:11, essen.ids <essen.ids@xxxxxxxxxxxxxxxxx> wrote: > > Hi. > > We are using the 389-ds version 1.4.2.15 with the 389 Admin Server 1.1.46 This combination is unsupported, the admin server only works with 1.3.x series 389-ds and lower. It's worth pointing out if you are already a SLES customer, that as of SLE15SP1 1.4.x of 389-ds is a supported part of SLES, so you could consider a migration to SLE15SP1 for your directory server deployment. > SLE12 has been updated and new Mozilla-nss packages in version 3.53.1 have been installed. > Since then the communication between the admin server and the directory server via ldaps no longer works. > The following message appears: > > mod_admserv/mod_admserv.c(2372): Entering do_admserv_post_config - pid is [15085] > mod_admserv/mod_admserv.c(2380): Entering do_admserv_post_config - init count is [2] > mod_admserv/mod_admserv.c(2403): [15085] Cache expiration set to 600 seconds > sslinit: NSS is required to use LDAPS, but security initialization failed [-8018:Unknown PKCS #11 error.] > > When I downgrade the libsoftokn3 and libfreebl3 packages back to 3.47.1 the error message disappears. But the Connection does not work either. > > I have now seen that since version 3.52.1 Mozilla-NSS PKCS #11 V3.0 is supported and extensive changes have been made to the API. > > Can anyone help me in this matter or do you know whom I could turn to? The only way to prevent this would be to pin the package versions of the mozilla nss libraries and related parts so that the admin server works. But the admin server has not been maintained in a long time, and this means that it will never be upgraded to support newer mozilla nss packages. :( Sorry about that, — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx