I started comparing packages with the failing LDAPS and to another that is working fine and discovered that one of the packages was older than the working one. So updated all of the packages and was able to pull the latest 389 packages needed. Then, I remove the existing config instance, reinstalled 389-admin and 389-adminutil, ran the setup and was able to successfully create the config instance and get dirsrv-admin to start. This wasnt an issue of TLS or ciphers, just that the admin serv could not bind to the config instance. Maybe synching the packages up with the right versions enable it to move past the post configuration steps.

It's been a long time since I've had to use the admin-serv, so this is really stretching my knowledge!

I wonder if this change could be related again to TLS/SSL, where an update to NSS has caused the java crypto libraries to be unable to connect.

Is the admin serv trying to connect via LDAPS/LDAP+StartTLS or is it trying to use LDAPI? That's probably the first thing that will hint where we need to look,

Thanks,

On 4 Sep 2020, at 00:49, Paul Whitney <paul.whitney@mac.com> wrote:

Hi,
I am running into an issue where I am trying to set up a DS master on CentOS 7.

When I run setup-ds-admin.pl, I am able to successfully create the slapd-config instance. But the admin-serv fails to bind to the config. The error is like this

"Sat Jan 02 21:32:12.629960 2016] [:warn] [pid 1497:tid $THREAD] NSSSessionCacheTimeout is
deprecated. Ignoring.
[Sat Jan 02 21:32:12.630027 2016] [:crit] [pid 1497:tid $THREAD] do_admserv_post_config(): unable to create AdmldapInfo
AH00016: Configuration Failed"

I found this post at https://lists.fedoraproject.org/archives/list/389users@lists.fedoraproject.org/thread/ZE3HNWAR6DCDADH43HGEI2VXIK2LME3J/ But this is not an upgrade for me. Just trying to create the config and admin-serv.

I have the following installed:

389-ds-base-1.3.10.1-14.el7_8.x86_64
389-ds-base-libs-1.3.10.1-14.el7_8.x86_64
389-admin-1.1.46-1.el7.x86_64
389-adminutil-1.1.22-2.el7.x86_64

I dont believe it is the packages installed, but something missing. When I do install initially, the 389-admin packages, /var/log/dirsrv/admin-serv does not get created. i end up creating it along with the error and access file, then run restorecon -r on the directory.

The server I am working is actually a clone of a working directory server, even more puzzling.

Any suggestions to get past this is greatly appreciated.

Paul M. Whitney
E-mail: paul.whitney@mac.com
Cell: 410.493.9448
Sent from my browser.

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org