Bug#841477: marked as done (389-ds-base: 389 directory server fails to start TLS/SSL)

Wed, 26 Oct 2016 15:37:11 -0700 

Your message dated Wed, 26 Oct 2016 22:35:13 +0000
with message-id <[email protected]>
and subject line Bug#841477: fixed in svrcore 1:4.1.2+dfsg1-3
has caused the Debian Bug report #841477,
regarding 389-ds-base: 389 directory server fails to start TLS/SSL
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
841477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841477
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: 389-ds-base
Version: 1.3.5.13-1
Severity: important

Dear Maintainer,
After recent updates the 389 directory server fails to start SSL on port
636. The rest of server starts fine but in the logs, there is an error
message:
SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable 
Runtime error -5977 - Failure to load dynamic library.)
ERROR: SSL Initialization Failed.  Disabling SSL.
When I ran strace on ns-slapd, I've noticed it's missing file
/etc/dirsrv/slapd-suffix/libnssckbi.so. After linking
/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so from package libnss3 the
error message changed to:
SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable 
Runtime error -8015 - The certificate/key database is in an old, unsupported 
format or failed to open.)
I've checked the cert db with certutil -L -d /etc/dirsrv/slapd-suffix
and it seems OK. The certificate is valid until the start of the
november so I have no idea now, where the problem might be. Is it some
libraries incompatibility or are there some other steps I can do to
debug the issue.
I'm running 389 server as a part of freeipa installation, so I'm now not
able to issue different certificate to test, becouse the CA can't start
without LDAP server running.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages 389-ds-base depends on:
ii  389-ds-base-libs             1.3.5.13-1
ii  acl                          2.2.52-3
ii  adduser                      3.115
ii  debconf [debconf-2.0]        1.5.59
ii  init-system-helpers          1.45
ii  ldap-utils                   2.4.42+dfsg-2+b3
ii  libc6                        2.24-5
ii  libdb5.3                     5.3.28-12
ii  libgcc1                      1:6.2.0-7
ii  libicu57                     57.1-4
ii  libldap-2.4-2                2.4.42+dfsg-2+b3
ii  libmozilla-ldap-perl         1.5.3-2+b3
ii  libnetaddr-ip-perl           4.079+dfsg-1+b1
ii  libnspr4                     2:4.12-6
ii  libnss3                      2:3.26-2
ii  libpam0g                     1.1.8-3.3
ii  libpci3                      1:3.3.1-1.1
ii  libperl4-corelibs-perl       0.003-2
ii  libsasl2-2                   2.1.26.dfsg1-15
ii  libsasl2-modules-gssapi-mit  2.1.26.dfsg1-15
ii  libsensors4                  1:3.4.0-3
ii  libsnmp30                    5.7.3+dfsg-1.5+b1
ii  libsocket-getaddrinfo-perl   0.22-3
ii  libssl1.0.2                  1.0.2j-1
ii  libstdc++6                   6.2.0-7
ii  libsvrcore0                  1:4.1.2+dfsg1-2
ii  libsystemd0                  231-9
ii  libwrap0                     7.6.q-25
ii  perl                         5.24.1~rc3-3
ii  python                       2.7.11-2
ii  systemd                      231-9

389-ds-base recommends no packages.

389-ds-base suggests no packages.

-- Configuration Files:
/etc/default/dirsrv changed:
KRB5_KTNAME=/etc/dirsrv/ds.keytab
KRB5CCNAME=/tmp/krb5cc_114

/etc/default/dirsrv.systemd changed:
[Service]
TimeoutStartSec=10m
NotifyAccess=all
LimitNOFILE=8192


-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: svrcore
Source-Version: 1:4.1.2+dfsg1-3

We believe that the bug you reported is fixed in the latest version of
svrcore, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated svrcore package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 26 Oct 2016 23:59:37 +0300
Source: svrcore
Binary: libsvrcore0 libsvrcore-dev
Architecture: source
Version: 1:4.1.2+dfsg1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian 389ds Team 
<[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
 libsvrcore-dev - Development files for Netscape's secure PIN storage library
 libsvrcore0 - Netscape's secure PIN storage library
Closes: 841477
Changes:
 svrcore (1:4.1.2+dfsg1-3) unstable; urgency=medium
 .
   * rules: Enable support for systemd password agent. (Closes: #841477)
Checksums-Sha1:
 9112d3cc5ecb8d021ca9ed578a6cb1a08dd4fb9e 2085 svrcore_4.1.2+dfsg1-3.dsc
 63a1d652ad4b84d2edc695e98e2b87f685681abf 8088 
svrcore_4.1.2+dfsg1-3.debian.tar.xz
Checksums-Sha256:
 595fa660cd368147db0921bb9c8ed198d5abbcdac68505eeb526d82f307c50a6 2085 
svrcore_4.1.2+dfsg1-3.dsc
 88a5de75365e7f9fdc7da06ddf8ce19478dc58dd6f542efac70b53de48c7be87 8088 
svrcore_4.1.2+dfsg1-3.debian.tar.xz
Files:
 3498804f91d60f31749da46749845ea0 2085 libs optional svrcore_4.1.2+dfsg1-3.dsc
 d4cda3af5df0e672a128a003128700fb 8088 libs optional 
svrcore_4.1.2+dfsg1-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYERmHAAoJEMtwMWWoiYTchCAQAK7C5c5gRbcStngyywzLgwrk
9nr+dYtLlS66N8hx68sY4MwklzNWBxAXcHDLAigO1m/u8EQvVrLg1WG8XTdDqXSV
F0xt+5wLDPQbI7x5bYBzS3j83vmvDcNp8fgsudHCeICdWp8Dz+UIW4nnZJ2gmb3r
1aworRKungPTKwbqcQ1BI1gMRh8goFrLDPRUf1J+NDmSeCBzclT9dsdRh8KsdcqQ
QF1vlD9Ivq79eq7mxNek1HL3qnl8Gg4JKlXjDpnzC0XnOxqReZjc/ewmDWVZ9nLI
gNf7c0xsBDuKhOmFjv31lw3ZdGS9I8kUXjQGLxNSLSvemFt2TraTmlkrJPVpNv50
/n0Kd1s/KzO6WKNdrM0HQtWVNBw5Opcm0YNBGHITaPX2X4rPfqwQGwGn6vo5yOXO
EQnNVUGdgUR8/UysyDVGBwOQ447IkXb3597hnRTyobKyu6OuMypHM/p4IGz8mi+m
rx9FZYyxhaYgu4KrEaZeAoEWnkRzT7KShdj5dCeqQcmmeN6wV5bSVukIZ4ZmDHdc
ABK7HPDYpQ7ODqjIY2gam25eGGIQ5cp61/LWfpup973Cj1f6NaaVb43GNVPafjU7
7wGUvvuyYMapeRX2z3yfgD7x44NQ8mpg918QN1VAJdYrwcrrxCWEIL707J1WNgfo
6H9yHRPr6rK5W4hkXrxm
=Gx+Q
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to