
   linux.debian.bugs.dist      Ohh some weird Debian bug report thing      28,835 messages   


   Message 28,167 of 28,835   
   Ondřej Kuzník to Pirate Praveen   
   Bug#1128375: slapd upgrade to trixie bre   
   19 Feb 26 11:10:01   
   
   From: ondra@mistotebe.net   
      
   On Thu, Feb 19, 2026 at 04:43:25AM +0530, Pirate Praveen wrote:   
   > New version of slapd switched SSL backend to OpenSSL from GnuTLS as   
   > documented in libldap2 NEWS file.   
   >   
   > But how to actually update the values in a way that will fix the issue is not   
   > documented.   
   >   
   >    * What outcome did you expect instead?   
   >   
   > The exact steps to have a successful upgrade should be documented.   
   >   
   > Here is the error in log,   
   >   
   > main: TLS init def ctx failed: -1 error:0A0000B9:SSL routines::no cipher match   
   >   
   > In bookworm the value that works is,   
   >   
   > olcTLSCipherSuite: NORMAL   
   >   
   > But it will not work in trixie. Removing this entry did not fix the issue.   
   >   
   > # cat delete-ciphers.ldif   
   > dn: cn=config   
   > changetype: modify   
   > delete: olcTLSCipherSuite   
   > olcTLSCipherSuite: NORMAL   
   >   
   > ldapmodify -Y EXTERNAL -H ldapi:/// -f ./delete-ciphers.ldif   
   >   
   > This just removes the error message, but slapd does not start after the   
   > upgrade.   
   >   
   > 2026-02-18T11:14:57.877705-08:00 comms-staging slapd[15509]: @(#) $OpenLDAP:   
   > slapd 2.6.10+dfsg-1 (May 29 2025 23:41:48) $#012#011Debian OpenLDAP   
   > Maintainers   
   >    
   > 2026-02-18T11:14:57.937406-08:00 comms-staging slapd[15510]: slapd starting   
   > 2026-02-18T11:14:57.938339-08:00 comms-staging slapd[15510]: daemon: shutdown   
   > requested and initiated.   
   > 2026-02-18T11:14:57.938506-08:00 comms-staging slapd[15510]: slapd shutdown:   
   > waiting for 0 operations/tasks to finish   
   > 2026-02-18T11:14:57.939951-08:00 comms-staging slapd[15510]: slapd stopped.   
      
   Good morning,   
   like you said, can't see any errors here, however some library messages   
   are not sent to syslog so you might get more details about the error   
   from stderr. You should probably run slaptest with the appropriate debug   
   flags enabled (`-d flag,flag,...`, should probably include at least   
   `config`) to check that it's happy with the rest of the configuration   
   and see whether anything else comes up.   
      
   Other than that, yes, you can generally remove the attribute before   
   upgrade and either leave it to whatever OpenSSL considers default or add   
   whatever is appropriate for your environment after you've switched. Same   
   with any other attributes you might come across this way.   
      
   Regards,   
      
   --   
   Ondřej Kuzník   
   Senior Software Engineer   
   Symas Corporation                       http://www.symas.com   
   Packaged, certified, and supported LDAP solutions powered by OpenLDAP   
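
A pre-upgrade check for the situation discussed in this message, added here as an example and not part of the original e-mail or of OpenLDAP: it reads `olcTLSCipherSuite` values from a cn=config LDIF dump (for instance the output of `slapcat -n 0`) and reports those that OpenSSL cannot turn into any cipher, which is the condition behind the `no cipher match` error. It assumes Python's `ssl` module is linked against OpenSSL and uses it as a stand-in for slapd's own TLS initialisation; the sample LDIF is constructed.

```python
import base64
import ssl

# Constructed sample: a fragment of a cn=config dump (e.g. from `slapcat -n 0`).
SAMPLE_LDIF = """\
dn: cn=config
olcTLSCipherSuite: NORMAL
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def cipher_suites(ldif):
    """Return every olcTLSCipherSuite value, decoding base64 ('::') values."""
    values = []
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "olctlsciphersuite":
            continue
        if rest.startswith(":"):
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def openssl_accepts(cipher_string):
    """True if the linked OpenSSL can select at least one cipher from the string."""
    # Assumption: Python's ssl module is linked against OpenSSL, not another library.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return False
    return True

def rejected_values(ldif):
    """Values that must be removed or rewritten before switching to OpenSSL."""
    return [v for v in cipher_suites(ldif) if not openssl_accepts(v)]

if __name__ == "__main__":
    for value in rejected_values(SAMPLE_LDIF):
        print(f"olcTLSCipherSuite: {value!r} is not an OpenSSL cipher string")
```

Any value it reports can be deleted from cn=config before the upgrade, as the reply above suggests, and replaced afterwards with an OpenSSL cipher string suited to the environment.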
      