On 12/01/2015 11:42 AM, ghiureai wrote:
Rich, pls see the answers to your Q's ( the DS upgrade worked but the
DS Admin set up will not behave same way )
...
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
setup-ds-admin.pl -u
this will not give the noption for upgrade like with (setup-ds.pl -u)
see the menu bellow
setup-ds-admin.pl -u
==============================================================================
This program will set up the 389 Directory and Administration Servers.
It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
- Press "Enter" to choose the default and go to the next screen
Would you like to continue with set up? [yes]:
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.
Would you like to continue? [no]: yes
==============================================================================
Choose a setup type:
1. Express
Allows you to quickly set up the servers using the most
common options and pre-defined defaults. Useful for quick
evaluation of the products.
2 ....................................................................
...
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
What repo are you using? What platform is this? If you are using el6 or
el7 you must use epel6 or epel7 to get the admin/console packages.
...
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
Linux 2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013 x86_64
x86_64 x86_64 GNU/Linux
epel6
rpm -qa | grep 389-*
389-ds-console-1.2.12-000.x86_64
389-ds-base-1.3.4.4-000.x86_64
389-admin-1.1.42-000.x86_64
389-admin-console-1.1.10-000.x86_64
389-adminutil-1.1.22-000.x86_64
389-console-1.1.9-000.x86_64
On 12/01/2015 10:42 AM, ghiureai wrote:
Thank you Rich for reply one more related issues I see :
When need to run the ds admin update I do not see the options for
update, seems goes back and asks all the Q's as a new fresh
installation ( ??)
What we are missing from this upgrade installation here is what is been
installed
grep 389-*
389-ds-console-1.2.12-000.x86_64
389-admin-1.1.42-000.x86_64
389-ds-base-1.3.4.4-000.x86_64
389-console-1.1.9-000.x86_64
389-admin-console-1.1.10-000.x86_64
389-adminutil-1.1.22-000.x86_64
On 12/01/2015 09:07 AM, ghiureai wrote:
> Hi List,
> we are tying to upgrade to 389-ds 1.3.4 from 1.2.2 , after rpm installed
> and update the server , when restarting the DS geting the following in
> DS errorlog, there is no such "entryallowWeakCipher" in cfg file , what
> should we dissable see entries for this cn
>
> SSL alert: Cipher rsa_rc4_128_md5 is weak. It is enabled since
> allowWeakCipher is "on" (default setting for the backward
> compatibility). We strongly recommend to set it to "off". Please
> replace the value of allowWeakCipher with "off" in the encryption config
> entry cn=encryption,cn=config and restart the server.
>
> dn: cn=encryption,cn=config
> objectClass: top
> objectClass: nsEncryptionConfig
> cn: encryption
> nsSSLSessionTimeout: 0
> nsSSLClientAuth: allowed
> nsSSL2: off
>
> nsSSL3: off ----->>> This was on but turn to "off"
>
> creatorsName: cn=server,cn=plugins,cn=config
> modifiersName:
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> t
> createTimestamp: xxxxxxxxxxxxxxxx
> modifyTimestamp:xxxxxxxxxxxxxxxxxxxx
> nsSSL3Ciphers:
> -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+r
> sa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha
> ,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_
> 56_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha
>
>
> xxxxxxxxxxxxxxxxxxx
> xxxxxxxxxxxxxxx
>
> Thank you for your time
> Isabella
>