[389-users] Re: CVE-2017-15135
On Mon, 2018-01-29 at 15:08 +, Torgersen, Eric A wrote: > Are there any details or guidance available regarding the following: > > https://bugzilla.redhat.com/show_bug.cgi?id=1525628 Hi, Summary: This is very low risk for the majority of installations, There are very limited circumstances where this can affect your deployment. You must run certain types of hashes, and must have imported them incorrectly during an ldif2db or nsslapd-allow-hashed- password: on import. For most users who allow DS to do the hashing for you (ie ldappasswd or similar) then there is no risk. I will communicate with RH security about this, as the issue is meant to be embargoed, but has leaked, so we must open this asap to give proper information. Thanks, > > Eric Torgersen > Systems Architect | Information Technology Services | Enterprise > Infrastructure Services > 518-442-6471 | etorger...@albany.edu > University at Albany > 1400 Washington Ave | Albany, NY 1 > > Confidentiality Notice: The information contained in this electronic > transmission is confidential and is intended for the use of the > individual(s) or entity(ies) named above only. If the reader of this > message is not the intended recipient, you are hereby notified that > any dissemination, distribution or reproduction of this transmission > is strictly prohibited. If you have received this transmission in > error, please destroy any and all copies of the transmission and > notify the sender immediately. > > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: 389ds on lxc debian
On Tue, 2018-01-30 at 12:48 +0100, Angel Bosch Mora wrote: > hi, > > I'm trying to install 1.1.43-1+b1 package on lxc with debian 9 and I > get this error: > > > invoke-rc.d: initscript dirsrv-admin, action "start" failed. > ● dirsrv-admin.service - 389 Administration Server. > Loaded: loaded (/lib/systemd/system/dirsrv-admin.service; > disabled; vendor preset: enabled) > Active: failed (Result: exit-code) since Tue 2018-01-30 12:32:36 > CET; 6ms ago > Process: 15226 ExecStart=/usr/sbin/apache2 -k start -f > /etc/dirsrv/admin-serv/httpd.conf (code=exited, status=1/FAILURE) > > gen 30 12:32:35 Jafar systemd[1]: dirsrv-admin.service: Failed to > reset devices.list: Operation not permitted > gen 30 12:32:35 Jafar systemd[1]: Starting 389 Administration > Server > gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Control > process exited, code=exited status=1 > gen 30 12:32:36 Jafar systemd[1]: Failed to start 389 Administration > Server.. > gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Unit entered > failed state. > gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Failed with > result 'exit-code'. > > > it seems a problema about lxc privileges. > > is there anyone running 389 with lxc? There are a number of users of 389-ds with lxc, just not with the admin console that I am aware of. Perhaps check the documenation on how to do a "console-less" install? > > regards, > > abosch > -- Institut Mallorquí d'Afers Socials. Aquest missatge, i si escau, > qualsevol fitxer annex, es dirigeix exclusivament a la persona que > n'és destinatària i pot contenir informació confidencial. En cap cas > no heu de copiar aquest missatge ni lliurar-lo a terceres persones > sense permís exprés de l'IMAS. Si no sou la persona destinatària que > s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho > notifiqueu immediatament a l'adreça electrònica de la persona > remitent. > -- Abans d'imprimir aquest missatge, pensau si és realment necessari. > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Upgrading from 1.3.5.10-21 to 1.3.6-1.24
Thank you for that information, William. > On Jan 29, 2018, at 5:11 PM, William Brown wrote: > > On Mon, 2018-01-29 at 16:24 -0600, Sergei Gerasenko wrote: >> Hello, >> >> I’m getting ready to upgrade from 1.3.5 to 1.3.6 and I’m wondering if >> there are any possible issues with this. I’ve heard that the >> replication protocol has changed in regards to the replication >> protocol for example. Anything else to be concerned about in terms of >> the schema changes, etc? > > The replication changes just help to prevent conflicts and issues, it > should be a "safe" upgrade to make, just don't mix the versions for too > long. > > There are no other obvious issues I can think of, just be sure to do a > test upgrade first, and keep backups (even though I doubt anything will > go wrong, it's just good discipline) > >> >> Thanks for any insight. >> >> Sergei >> ___ >> 389-users mailing list -- 389-users@lists.fedoraproject.org >> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o >> rg > -- > Sincerely, > > William Brown > Software Engineer > Red Hat, Australia/Brisbane > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] 389ds on lxc debian
hi, I'm trying to install 1.1.43-1+b1 package on lxc with debian 9 and I get this error: invoke-rc.d: initscript dirsrv-admin, action "start" failed. ● dirsrv-admin.service - 389 Administration Server. Loaded: loaded (/lib/systemd/system/dirsrv-admin.service; disabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-01-30 12:32:36 CET; 6ms ago Process: 15226 ExecStart=/usr/sbin/apache2 -k start -f /etc/dirsrv/admin-serv/httpd.conf (code=exited, status=1/FAILURE) gen 30 12:32:35 Jafar systemd[1]: dirsrv-admin.service: Failed to reset devices.list: Operation not permitted gen 30 12:32:35 Jafar systemd[1]: Starting 389 Administration Server gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Control process exited, code=exited status=1 gen 30 12:32:36 Jafar systemd[1]: Failed to start 389 Administration Server.. gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Unit entered failed state. gen 30 12:32:36 Jafar systemd[1]: dirsrv-admin.service: Failed with result 'exit-code'. it seems a problema about lxc privileges. is there anyone running 389 with lxc? regards, abosch -- Institut Mallorquí d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer annex, es dirigeix exclusivament a la persona que n'és destinatària i pot contenir informació confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a terceres persones sense permís exprés de l'IMAS. Si no sou la persona destinatària que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu immediatament a l'adreça electrònica de la persona remitent. -- Abans d'imprimir aquest missatge, pensau si és realment necessari. ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org