[CentOS] Last 389-ds update on CentOS 8 Stream seems to be broken

Sun Nov 21 07:55:41 UTC 2021
Mathieu Baudier <mbaudier at argeo.org>

After looking at:
https://git.centos.org/rpms/389-ds-base/c/0381070f4db756c9771576582981e332aab5d141?branch=c8s-stream-1.4

and testing one of the failing 1.4.3.23-10 dirsrv, I removed manually from
/etc/dirsrv/slapd-*/dse.ldif the entry:
dn: cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config

and restarted the service.
And it is now working!

Interestingly this entry was recreated, without any difference (except
timestamps).

Also interestingly, we apparently do *not* have the issue on IPA
environments with this same dirsrv update.
The issue only happens in environments with standalone dirsrv (that is,
without an IPA server).

On Sat, Nov 20, 2021 at 8:02 PM Mathieu Baudier <mbaudier at argeo.org> wrote:

> Hello,
>
> after updating 389-ds (LDAP dirsrv) on CentOS 8 Stream, this service does
> not start anymore:
>
> $ sudo journalctl -u dirsrv@* | less
>
> Nov 20 18:27:31 systemd[1]: Starting 389 Directory Server argeo....
> Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.980124142 +0100] -
> ERR - symload_report_error - Netscape Portable Runtime error -5975:
> /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol:
> gost_yescrypt_pwd_storage_scheme_init
> Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.985260818 +0100] -
> ERR - symload_report_error - Could not load symbol
> "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for
> plugin GOST_YESCRYPT
> Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.988423108 +0100] -
> ERR - slapd_bootstrap_config - The plugin entry
> [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the
> configfile /etc/dirsrv/slapd-argeo/dse.ldif was invalid. Failed to load
> plugin's init function.
> Nov 20 18:27:31 ns-slapd[1951]: [20/Nov/2021:18:27:31.991083901 +0100] -
> EMERG - main - The configuration files in directory /etc/dirsrv/slapd-argeo
> could not be read or were not found.  Please refer to the error log or
> output for more information.
> Nov 20 18:27:32 systemd[1]: dirsrv at argeo.service: Main process exited,
> code=exited, status=1/FAILURE
> Nov 20 18:27:32 systemd[1]: dirsrv at argeo.service: Failed with result
> 'exit-code'.
> Nov 20 18:27:32 systemd[1]: Failed to start 389 Directory Server argeo..
>
> $ sudo dnf list 389-ds-*
> Installed Packages
> 389-ds-base.x86_64
>  1.4.3.23-10.module_el8.5.0+946+51aba098                  @appstream
> 389-ds-base-libs.x86_64
> 1.4.3.23-10.module_el8.5.0+946+51aba098                  @appstream
>
> After downgrading and restarting it is working again :
>
> $ sudo dnf downgrade 389-ds-*
>
> $ sudo dnf list 389-ds-*
> Installed Packages
> 389-ds-base.x86_64
>  1.4.3.23-7.module_el8.5.0+889+90e0384f                   @appstream
> 389-ds-base-libs.x86_64
> 1.4.3.23-7.module_el8.5.0+889+90e0384f                   @appstream
>
> $ sudo systemctl restart dirsrv@*
>
> Should I fill a bug report for this? (And if yes, where?)
> Or should some 389-ds plugins be deactivated?
> Or some upgrade procedure?
>
> Thanks in advance for your guidance!
> Cheers,
>
> Mathieu
>
>