Hi Rich,
Yes I totally agree I should see the prompt as you put here, this is
working in my case only when running:
setup-ds.pl -u
but not for ds-admin.
If you are (or can find) a perl hacker, you can use perl -d
/usr/sbin/setup-ds-admin.pl and see if you can figure out what's going on.
I would like to continue with this upgrade process ( i have 4 more
hosts to upgrade) is there a option to check for any missing
packages,lib etc when running setup-ds-admin.pl -u .??
The Sysadmin build the 389-ds* rmp's from scratch for this OS,
I
have a feeling something may missing from ds-admin package (??) but I
need "tools/proof" to point what's missing.
OS
Linux 2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013 x86_64
x86_64 x86_64 GNU/Linux
new installed 389-ds-admin
rpm -qa | grep 389-admin*
389-admin-1.1.42-000.x86_64
389-admin-console-1.1.10-000.x86_64
389-adminutil-1.1.22-000.x86_64
Thank you again
Isabella
...
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
I don't understand what is going on. When you use setup-ds-admin.pl
-u, You should see a prompt like this:
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
Continue?
==============================================================================
I have no idea what's wrong.
...
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
On 12/01/2015 02:07 PM, ghiureai wrote:
>
>
>
> Rich, still see bellow : and bellow only for ds no admin
>
> _setup-ds-admin.pl -u -ddddd_
>
> ==============================================================================
> This program will set up the 389 Directory and Administration Servers.
>
> It is recommended that you have "root" privilege to set up the software.
> Tips for using this program:
> - Press "Enter" to choose the default and go to the next screen
> - Type "Control-B" then "Enter" to go back to the previous
screen
> - Type "Control-C" to cancel the setup program
>
> Would you like to continue with set up? [yes]:
>
> ==============================================================================
> Your system has been scanned for potential problems, missing patches,
> etc. The following output is a report of the items found that need to
> be addressed before running this software in a production
> environment.
>
> Would you like to continue? [no]: yes
>
> ==============================================================================
> Choose a setup type:
>
> 1. Express
> Allows you to quickly set up the servers using the most
> common options and pre-defined defaults. Useful for quick
> evaluation of the products.
>
> 2. Typical
> Allows you to specify common defaults and options.
>
> 3. Custom
> Allows you to specify more advanced options. This is
> recommended for experienced server administrators only.
>
> To accept the default shown in brackets, press the Enter key.
>
>
>
>
> **********************************************************************
> _>>>>>>setup-ds.pl -u_
>
> ==============================================================================
> This program will update the 389 Directory Server.
>
> It is recommended that you have "root" privilege to perform the update.
> Tips for using this program:
> - Press "Enter" to choose the default and go to the next screen
> - Type "Control-B" or the word "back" then "Enter" to
go back to
> the previous screen
> - Type "Control-C" to cancel the update
>
> Would you like to continue with update? [yes]: yes
>
> ==============================================================================
>
> The update process can work in one of two modes:
>
> - Online: The changes are made to the running directory servers
> using LDAP.
> The operations must be performed as an administrative user.
> You must provide the name and password, for each instance
> if there is more than one instance of directory server.
> Some operations may require a directory server restart to
> take
> effect. The update script will notify you if you need to
> restart
> the server.
>
> - Offline: The changes are made to the server configuration files. The
> servers MUST FIRST BE SHUTDOWN BY YOU. The script will not
> shutdown the servers for you. You MUST shutdown the
> servers in order to use this mode. A username and password
> are not required to use Offline mode. If the servers
> are not
> shutdown, CHANGES WILL BE LOST.
>
> To summarize:
> Online - servers remain running - you must provide admin name and
> password
> for each server - servers may need to be restarted
> Offline - servers must be shutdown - no username or password required
>
>
>
>
> On 12/01/2015 01:23 PM, ghiureai wrote:
>> On 12/01/2015 11:42 AM, ghiureai wrote:
>>
>> Rich, pls see the answers to your Q's ( the DS upgrade worked but
>> the DS Admin set up will not behave same way )
>> ...
>>
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
>> setup-ds-admin.pl -u
>>
>> this will not give the noption for upgrade like with (setup-ds.pl -u)
>> see the menu bellow
>> setup-ds-admin.pl -u
>>
>> ==============================================================================
>> This program will set up the 389 Directory and Administration Servers.
>>
>> It is recommended that you have "root" privilege to set up the
software.
>> Tips for using this program:
>> - Press "Enter" to choose the default and go to the next screen
>> Would you like to continue with set up? [yes]:
>>
>> ==============================================================================
>> Your system has been scanned for potential problems, missing patches,
>> etc. The following output is a report of the items found that need to
>> be addressed before running this software in a production
>> environment.
>>
>> Would you like to continue? [no]: yes
>>
>> ==============================================================================
>> Choose a setup type:
>>
>> 1. Express
>> Allows you to quickly set up the servers using the most
>> common options and pre-defined defaults. Useful for quick
>> evaluation of the products.
>>
>> 2 ....................................................................
>> ...
>>
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
>>
>> What repo are you using? What platform is this? If you are using el6
>> or el7 you must use epel6 or epel7 to get the admin/console packages.
>> ...
>>
<
https://lists.fedoraproject.org/archives/list/389-users%40lists.fedorapro...
>>
>>
>> Linux 2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013
>> x86_64 x86_64 x86_64 GNU/Linux
>> epel6
>> rpm -qa | grep 389-*
>> 389-ds-console-1.2.12-000.x86_64
>> 389-ds-base-1.3.4.4-000.x86_64
>> 389-admin-1.1.42-000.x86_64
>> 389-admin-console-1.1.10-000.x86_64
>> 389-adminutil-1.1.22-000.x86_64
>> 389-console-1.1.9-000.x86_64
>>
>>
>>
>> On 12/01/2015 10:42 AM, ghiureai wrote:
>>> Thank you Rich for reply one more related issues I see :
>>>
>>> When need to run the ds admin update I do not see the options for
>>> update, seems goes back and asks all the Q's as a new fresh
>>> installation ( ??)
>>> What we are missing from this upgrade installation here is what is been
>>> installed
>>> grep 389-*
>>> 389-ds-console-1.2.12-000.x86_64
>>> 389-admin-1.1.42-000.x86_64
>>> 389-ds-base-1.3.4.4-000.x86_64
>>> 389-console-1.1.9-000.x86_64
>>> 389-admin-console-1.1.10-000.x86_64
>>> 389-adminutil-1.1.22-000.x86_64
>>>
>>>
>>>
>>>
>>>
>>> On 12/01/2015 09:07 AM, ghiureai wrote:
>>>> Hi List,
>>>> we are tying to upgrade to 389-ds 1.3.4 from 1.2.2 , after rpm installed
>>>> and update the server , when restarting the DS geting the following in
>>>> DS errorlog, there is no such "entryallowWeakCipher" in cfg
file , what
>>>> should we dissable see entries for this cn
>>>>
>>>> SSL alert: Cipher rsa_rc4_128_md5 is weak. It is enabled since
>>>> allowWeakCipher is "on" (default setting for the backward
>>>> compatibility). We strongly recommend to set it to "off".
Please
>>>> replace the value of allowWeakCipher with "off" in the
encryption config
>>>> entry cn=encryption,cn=config and restart the server.
>>>>
>>>> dn: cn=encryption,cn=config
>>>> objectClass: top
>>>> objectClass: nsEncryptionConfig
>>>> cn: encryption
>>>> nsSSLSessionTimeout: 0
>>>> nsSSLClientAuth: allowed
>>>> nsSSL2: off
>>>>
>>>> nsSSL3: off ----->>> This was on but turn to "off"
>>>>
>>>> creatorsName: cn=server,cn=plugins,cn=config
>>>> modifiersName:
>>>> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
>>>> t
>>>> createTimestamp: xxxxxxxxxxxxxxxx
>>>> modifyTimestamp:xxxxxxxxxxxxxxxxxxxx
>>>> nsSSL3Ciphers:
>>>> -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+r
>>>>
sa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha
>>>>
,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_
>>>> 56_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha
>>>>
>>>>
>>>> xxxxxxxxxxxxxxxxxxx
>>>> xxxxxxxxxxxxxxx
>>>>
>>>> Thank you for your time
>>>> Isabella
>>>>
>>
>
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org