[389-users] Upgrade failure

Rich Megginson rmeggins at redhat.com
Mon Nov 25 23:54:49 UTC 2013 

On 11/25/2013 04:37 PM, Gordon Messmer wrote:
> On Friday, I updated one of several systems that I manage from version 
> 1.2.11.15 to version 1.2.11.25.  Thereafter, the service was unable to 
> start.  The error indicates a problem with SSL that I don't 
> understand.  I've included the relevant section from the "error" log 
> below.
>
> After reverting to the old package, the service starts again.
>
> Does anyone understand this error and have a pointer on resolving it?

Is there some reason you need to upgrade from the OS provided official 
RHEL 6.4 version of 389-ds-base to the non-OS provided version from the 
rmeggins epel6 repo?

Are you using attribute encryption?

The error message is saying that it cannot find your unlocked server SSL 
key.  I am assuming this all worked before, and you have a pin.txt file 
and/or you have permanently unlocked your key/cert db.

>
>
>
> yum.log:
> Sep 20 15:35:43 Updated: 389-ds-base-libs-1.2.11.15-22.el6_4.x86_64
> Sep 20 15:36:24 Updated: 389-ds-base-1.2.11.15-22.el6_4.x86_64
> Nov 22 15:03:40 Updated: 389-ds-base-libs-1.2.11.25-1.el6.x86_64
> Nov 22 15:05:17 Updated: 389-ds-base-1.2.11.25-1.el6.x86_64
>
>
> error:
> [22/Nov/2013:15:05:08 -0800] - check_and_set_import_cache: pagesize: 
> 4096, pages: 980670, procpages: 52580
> [22/Nov/2013:15:05:08 -0800] - Import allocates 1569072KB import cache.
> [22/Nov/2013:15:05:08 -0800] Upgrade DN Format - userRoot: Start 
> upgrade dn format.
> [22/Nov/2013:15:05:08 -0800] Upgrade DN Format - Instance userRoot in 
> /var/lib/dirsrv/slapd-master1/db/userRoot is up-to-date
> [22/Nov/2013:15:05:14 -0800] - 389-Directory/1.2.11.25 B2013.325.1951 
> starting up
> [22/Nov/2013:15:05:15 -0800] slapd_get_unlocked_key_for_cert - Error: 
> could not find any unlocked slots for certificate 
> [E=postmaster at xxx.com,CN=mail.xxx.com,O=xxx,
> L=Seattle,ST=Washington,C=US,OID.2.5.4.13=5t6jP8FugTLuYrW8]. Please 
> review your TLS/SSL configuration.  The following slots were found:
> [22/Nov/2013:15:05:15 -0800] slapd_get_unlocked_key_for_cert - Slot 
> [NSS User Private Key and Certificate Services] token [Internal 
> (Software) Token] was locked.
> [22/Nov/2013:15:05:15 -0800] - Can't get private key from cert 
> Server-Cert in attrcrypt_fetch_private_key: -8049 - Unrecognized 
> Object IDentifier.
> [22/Nov/2013:15:05:15 -0800] - Error: unable to initialize attrcrypt 
> system for userRoot
> [22/Nov/2013:15:05:16 -0800] - start: Failed to start databases, 
> err=-1 Unknown error: -1
> [22/Nov/2013:15:05:16 -0800] - Failed to start database plugin ldbm 
> database
> [22/Nov/2013:15:05:16 -0800] - WARNING: ldbm instance userRoot already 
> exists
> [22/Nov/2013:15:05:16 -0800] - ldbm_config_read_instance_entries: 
> failed to add instance entry cn=userRoot,cn=ldbm 
> database,cn=plugins,cn=config
> [22/Nov/2013:15:05:16 -0800] - ldbm_config_load_dse_info: failed to 
> read instance entries
> [22/Nov/2013:15:05:16 -0800] - start: Loading database configuration 
> failed
> [22/Nov/2013:15:05:16 -0800] - Failed to start database plugin ldbm 
> database
> [22/Nov/2013:15:05:16 -0800] - Error: Failed to resolve plugin 
> dependencies
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin 7-bit check 
> is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin Account 
> Usability Plugin is not started
> [22/Nov/2013:15:05:16 -0800] - Error: accesscontrol plugin ACL Plugin 
> is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin ACL 
> preoperation is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin Auto 
> Membership Plugin is not started
> [22/Nov/2013:15:05:16 -0800] - Error: object plugin Class of Service 
> is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin deref is not 
> started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin HTTP Client 
> is not started
> [22/Nov/2013:15:05:16 -0800] - Error: database plugin ldbm database is 
> not started
> [22/Nov/2013:15:05:16 -0800] - Error: object plugin Legacy Replication 
> Plugin is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin Linked 
> Attributes is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin Managed 
> Entries is not started
> [22/Nov/2013:15:05:16 -0800] - Error: object plugin Multimaster 
> Replication Plugin is not started
> [22/Nov/2013:15:05:16 -0800] - Error: preoperation plugin Pass Through 
> Authentication is not started
> [22/Nov/2013:15:05:16 -0800] - Error: object plugin Roles Plugin is 
> not started
> [22/Nov/2013:15:05:16 -0800] - Error: object plugin Views is not started
> -- 
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list