Hello,
after updating 389-ds (LDAP dirsrv) on CentOS 8 Stream, this service does not start anymore:
$ sudo journalctl -u dirsrv@* | less
Nov 20 18:27:31 systemd[1]: Starting 389 Directory Server argeo.... Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.980124142 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5975: /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol: gost_yescrypt_pwd_storage_scheme_init Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.985260818 +0100] - ERR - symload_report_error - Could not load symbol "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for plugin GOST_YESCRYPT Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.988423108 +0100] - ERR - slapd_bootstrap_config - The plugin entry [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the configfile /etc/dirsrv/slapd-argeo/dse.ldif was invalid. Failed to load plugin's init function. Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.991083901 +0100] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-argeo could not be read or were not found. Please refer to the error log or output for more information. Nov 20 18:27:32 systemd[1]: dirsrv@argeo.service: Main process exited, code=exited, status=1/FAILURE Nov 20 18:27:32 systemd[1]: dirsrv@argeo.service: Failed with result 'exit-code'. Nov 20 18:27:32 systemd[1]: Failed to start 389 Directory Server argeo..
$ sudo dnf list 389-ds-* Installed Packages 389-ds-base.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 @appstream 389-ds-base-libs.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 @appstream
After downgrading and restarting it is working again :
$ sudo dnf downgrade 389-ds-*
$ sudo dnf list 389-ds-* Installed Packages 389-ds-base.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f @appstream 389-ds-base-libs.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f @appstream
$ sudo systemctl restart dirsrv@*
Should I fill a bug report for this? (And if yes, where?) Or should some 389-ds plugins be deactivated? Or some upgrade procedure?
Thanks in advance for your guidance! Cheers,
Mathieu
After looking at: https://git.centos.org/rpms/389-ds-base/c/0381070f4db756c9771576582981e332aa...
and testing one of the failing 1.4.3.23-10 dirsrv, I removed manually from /etc/dirsrv/slapd-*/dse.ldif the entry: dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config
and restarted the service. And it is now working!
Interestingly this entry was recreated, without any difference (except timestamps).
Also interestingly, we apparently do *not* have the issue on IPA environments with this same dirsrv update. The issue only happens in environments with standalone dirsrv (that is, without an IPA server).
On Sat, Nov 20, 2021 at 8:02 PM Mathieu Baudier mbaudier@argeo.org wrote:
Hello,
after updating 389-ds (LDAP dirsrv) on CentOS 8 Stream, this service does not start anymore:
$ sudo journalctl -u dirsrv@* | less
Nov 20 18:27:31 systemd[1]: Starting 389 Directory Server argeo.... Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.980124142 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5975: /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol: gost_yescrypt_pwd_storage_scheme_init Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.985260818 +0100] - ERR - symload_report_error - Could not load symbol "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for plugin GOST_YESCRYPT Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.988423108 +0100] - ERR - slapd_bootstrap_config - The plugin entry [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the configfile /etc/dirsrv/slapd-argeo/dse.ldif was invalid. Failed to load plugin's init function. Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.991083901 +0100] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-argeo could not be read or were not found. Please refer to the error log or output for more information. Nov 20 18:27:32 systemd[1]: dirsrv@argeo.service: Main process exited, code=exited, status=1/FAILURE Nov 20 18:27:32 systemd[1]: dirsrv@argeo.service: Failed with result 'exit-code'. Nov 20 18:27:32 systemd[1]: Failed to start 389 Directory Server argeo..
$ sudo dnf list 389-ds-* Installed Packages 389-ds-base.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 @appstream 389-ds-base-libs.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 @appstream
After downgrading and restarting it is working again :
$ sudo dnf downgrade 389-ds-*
$ sudo dnf list 389-ds-* Installed Packages 389-ds-base.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f @appstream 389-ds-base-libs.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f @appstream
$ sudo systemctl restart dirsrv@*
Should I fill a bug report for this? (And if yes, where?) Or should some 389-ds plugins be deactivated? Or some upgrade procedure?
Thanks in advance for your guidance! Cheers,
Mathieu
-
Mathieu Baudier