Re: 389 Admin Server 1.1.46 / SLE12 SP3 / Update mozilla-nss 3.47 -> 3.53.1

> On 13 Aug 2020, at 01:11, essen.ids <essen.ids@xxxxxxxxxxxxxxxxx> wrote:
> 
> Hi.
> 
> We are using the 389-ds version 1.4.2.15 with the 389 Admin Server 1.1.46

This combination is unsupported; the admin server only works with 1.3.x series 389-ds and lower.

It's worth pointing out, if you are already a SLES customer, that as of SLE15SP1, 1.4.x of 389-ds is a supported part of SLES, so you could consider a migration to SLE15SP1 for your directory server deployment.

> SLE12 has been updated and new Mozilla-nss packages in version 3.53.1 have been installed.
> Since then the communication between the admin server and the directory server via ldaps no longer works.
> The following message appears:
> 
> mod_admserv/mod_admserv.c(2372): Entering do_admserv_post_config - pid is [15085]
> mod_admserv/mod_admserv.c(2380): Entering do_admserv_post_config - init count is [2]
> mod_admserv/mod_admserv.c(2403): [15085] Cache expiration set to 600 seconds
> sslinit: NSS is required to use LDAPS, but security initialization failed [-8018:Unknown PKCS #11 error.]
> 
> When I downgrade the libsoftokn3 and libfreebl3 packages back to 3.47.1 the error message disappears. But the connection does not work either.
> 
> I have now seen that since version 3.52.1 Mozilla-NSS PKCS #11 V3.0 is supported and extensive changes have been made to the API.
> 
> Can anyone help me in this matter or do you know whom I could turn to?

The only way to prevent this would be to pin the package versions of the mozilla nss libraries and related parts so that the admin server works. But the admin server has not been maintained in a long time, and this means that it will never be upgraded to support newer mozilla nss packages. :( 

Sorry about that, 

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx