I haven't seen this particular error before. Here is my error log at startup. Does your log look similar to this (besides the error)?
[05/May/2026:10:38:38.570345263 -0400] - INFO - slapd_extract_cert - CA CERT NAME: Self-Signed-CA
[05/May/2026:10:38:38.575013995 -0400] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist.
[05/May/2026:10:38:38.596977165 -0400] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[05/May/2026:10:38:38.628070445 -0400] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[05/May/2026:10:38:38.629070043 -0400] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[05/May/2026:10:38:38.629758473 -0400] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
[05/May/2026:10:38:38.630223912 -0400] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
[05/May/2026:10:38:38.630729097 -0400] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
......
[05/May/2026:10:38:38.646869597 -0400] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647319500 -0400] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647903706 -0400] - INFO - main - 389-Directory/3.2.0 DEVELOPER BUILD B0000.000.0000 starting up
......
[05/May/2026:10:38:38.758475494 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB)
[05/May/2026:10:38:38.759509913 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126
[05/May/2026:10:38:38.760668867 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512
[05/May/2026:10:38:38.763059652 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher AES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.765674326 -0400] - INFO - attrcrypt_cipher_init - Key for cipher AES successfully generated and stored
[05/May/2026:10:38:38.766149695 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher 3DES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.768561634 -0400] - INFO - attrcrypt_cipher_init - Key for cipher 3DES successfully generated and stored
Are you running the server with security enabled?
Have you explicitly enabled/disabled specific ciphers under cn=encryption,cn=config?
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
CACertExtractFile: /tmp/slapd-localhost/Self-Signed-CA.pem
nsSSL3Ciphers: +all,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Also what platform are you running this on? What rpm version of "nss" is installed? This could also be related to your system's crypto policy.
Thanks,
Mark
On 5/8/26 4:11 PM, Ghiurea, Isabella via 389-users wrote:
After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64,
I am seeing the following ERR in the error log when restarting the ldap.
[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
And here are my entries for encryption in dse.ldif:
dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2
dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....
What else must be changed to eliminate the errors? Thank you!
-- Identity Management Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new