Fedora Info

[Test-Announce] Fedora-IoT 45 RC 20260514.0 nightly compose nominated for testing

2026-05-14T06:46:04.104-07:00

Announcing the creation of a new nightly release validation test event for Fedora-IoT 45 RC 20260514.0. Please help run some tests for this nightly compose if you have time. For more information on nightly release validation testing, see: https://fedoraproject.org/wiki/QA:Release_validation_test_plan Test coverage information for the current release can be seen at: https://openqa.fedoraproject.org/testcase_stats/45iot You can see all results, find testing instructions and image download locations, and enter results on the Summary page: https://fedoraproject.org/wiki/Test_Results:Fedora-IoT_45_RC_20260514.0_Summary The individual test result pages are: https://fedoraproject.org/wiki/Test_Results:Fedora-IoT_45_RC_20260514.0_General Thank you for testing! -- Mail generated by relvalconsumer: https://forge.fedoraproject.org/quality/relvalconsumer -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: Cannot change nsslapd-db-max-locks

2026-05-13T14:17:50.922-07:00

On 5/13/26 4:03 PM, Orion Poplawski via 389-users wrote: > On 5/13/26 13:44, Mark Reynolds wrote: >> On 5/13/26 3:32 PM, Orion Poplawski via 389-users wrote: >>> So it seems that something is messed up with this particular host. >> The "db locks" are stored under /dev/shm/slapd-INSTANCE/ Perhaps there is >> not a lot of space allocated for /dev/shm on that host? > This is what it had: > > Filesystem Size Used Avail Use% Mounted on > tmpfs 1.5G 257M 1.3G 17% /dev/shm > > I bumped it a bit: > > Filesystem Size Used Avail Use% Mounted on > tmpfs 1.8G 289M 1.5G 17% /dev/shm > > Now I'm starting to think that I'm looking at two different things as the > nsslapd-db-max-locks is increasing after boot: > > nsslapd-db-current-locks: 52 > nsslapd-db-max-locks: 72 > > nsslapd-db-current-locks: 99 > nsslapd-db-max-locks: 174 > > nsslapd-db-current-locks: 101 > nsslapd-db-max-locks: 178 > > So maybe the reason I see a large value on one machine is more indicative that > something went haywire on it making it hit the configured maximum. Not sure, I know that the monitor stats you are looking at come directly from libdb and not the core server - so it's kind of a black box. It would require debugging libdb to see why it's behaving this way. > > > > -- Identity Management Development Team -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

F44 election nominations now open

2026-05-13T13:40:51.920-07:00

The Fedora Project is now accepting nominations for all elected bodies until May 21, 2026. Candidates can self-nominate or be nominated by others with prior consent. Interviews are mandatory and must be completed by May 28, 2026. Elected members serve a two-release term.

https://communityblog.fedoraproject.org/f44-election-nominations-now-open/

Justin Wheeler (he/him) || 📧 jwheel@redhat.com || 🔗 jwheel.org

Formerly Justin W. Flory

Fedora Community Architect
TZ=America/Atlanta (UTC-4) 🕗

Fedora is a registered Digital Public Good

While I may be sending this email outside my normal office hours, I have no expectation to receive a reply outside yours.

-- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: Cannot change nsslapd-db-max-locks

2026-05-13T13:03:42.743-07:00

On 5/13/26 13:44, Mark Reynolds wrote: > > On 5/13/26 3:32 PM, Orion Poplawski via 389-users wrote: >> So it seems that something is messed up with this particular host. > The "db locks" are stored under /dev/shm/slapd-INSTANCE/ Perhaps there is > not a lot of space allocated for /dev/shm on that host? This is what it had: Filesystem Size Used Avail Use% Mounted on tmpfs 1.5G 257M 1.3G 17% /dev/shm I bumped it a bit: Filesystem Size Used Avail Use% Mounted on tmpfs 1.8G 289M 1.5G 17% /dev/shm Now I'm starting to think that I'm looking at two different things as the nsslapd-db-max-locks is increasing after boot: nsslapd-db-current-locks: 52 nsslapd-db-max-locks: 72 nsslapd-db-current-locks: 99 nsslapd-db-max-locks: 174 nsslapd-db-current-locks: 101 nsslapd-db-max-locks: 178 So maybe the reason I see a large value on one machine is more indicative that something went haywire on it making it hit the configured maximum. -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 https://www.nwra.com/

-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: Cannot change nsslapd-db-max-locks

2026-05-13T12:44:32.228-07:00

On 5/13/26 3:32 PM, Orion Poplawski via 389-users wrote: > On 5/13/26 07:41, Viktor Ashirov wrote: >> Hi, >> >> >> On Tue, May 12, 2026 at 4:46 PM Orion Poplawski via 389-users <389- >> users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>> wrote: >> >> On one of our EL9 IPA servers I'm unable to change nsslapd-db-max-locks >> >> nsslapd-db-max-locks shows the peak concurrent lock count since the last >> restart. It's not meant to be changed. >> >> >> ldapsearch returns: >> >> # database, monitor, ldbm database, plugins, config >> dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config >> nsslapd-db-current-locks: 96 >> nsslapd-db-max-locks: 179 >> >> dsconf config get returns: >> >> nsslapd-db-locks: 50018 >> >> I've restarted many times. Changed the value a couple of times. What's up? >> >> How exactly do you change them? >> This works for me: >> dsconf <instance> backend config set --locks 100000 >> >> After restart in the error logs: >> [13/May/2026:08:11:01.395692873 -0400] - NOTICE - bdb_start - Resizing max db >> lock count: 50000 -> 100000 > Yeah, I'm using dsconf backend config set to set it. I do see that message: > > [11/May/2026:09:39:25.771331509 -0600] - NOTICE - bdb_start - Resizing max db > lock count: 50000 -> 50018 > > and dsconf config get shows: > > nsslapd-db-locks: 50018 > > but the ldapsearch results stay small as above. > > Other machines the ldapsearch show the larger number: > > # database, monitor, ldbm database, plugins, config > dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config > nsslapd-db-current-locks: 114 > nsslapd-db-max-locks: 50018 > > So it seems that something is messed up with this particular host. The "db locks" are stored under /dev/shm/slapd-INSTANCE/ Perhaps there is not a lot of space allocated for /dev/shm on that host? > > > -- Identity Management Development Team -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: Cannot change nsslapd-db-max-locks

2026-05-13T12:32:56.980-07:00

On 5/13/26 07:41, Viktor Ashirov wrote: > Hi, > > > On Tue, May 12, 2026 at 4:46 PM Orion Poplawski via 389-users <389- > users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org>> wrote: > > On one of our EL9 IPA servers I'm unable to change nsslapd-db-max-locks > > nsslapd-db-max-locks shows the peak concurrent lock count since the last > restart. It's not meant to be changed. > > > ldapsearch returns: > > # database, monitor, ldbm database, plugins, config > dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config > nsslapd-db-current-locks: 96 > nsslapd-db-max-locks: 179 > > dsconf config get returns: > > nsslapd-db-locks: 50018 > > I've restarted many times. Changed the value a couple of times. What's up? > > How exactly do you change them? > This works for me: > dsconf <instance> backend config set --locks 100000 > > After restart in the error logs: > [13/May/2026:08:11:01.395692873 -0400] - NOTICE - bdb_start - Resizing max db > lock count: 50000 -> 100000 Yeah, I'm using dsconf backend config set to set it. I do see that message: [11/May/2026:09:39:25.771331509 -0600] - NOTICE - bdb_start - Resizing max db lock count: 50000 -> 50018 and dsconf config get shows: nsslapd-db-locks: 50018 but the ldapsearch results stay small as above. Other machines the ldapsearch show the larger number: # database, monitor, ldbm database, plugins, config dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config nsslapd-db-current-locks: 114 nsslapd-db-max-locks: 50018 So it seems that something is messed up with this particular host. -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 https://www.nwra.com/

[389-users] Re: Cannot change nsslapd-db-max-locks

2026-05-13T06:42:01.654-07:00

Hi,

On Tue, May 12, 2026 at 4:46 PM Orion Poplawski via 389-users <389-users@lists.fedoraproject.org> wrote:

On one of our EL9 IPA servers I'm unable to change nsslapd-db-max-locks

nsslapd-db-max-locks shows the peak concurrent lock count since the last restart. It's not meant to be changed.

ldapsearch returns:

# database, monitor, ldbm database, plugins, config
dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config
nsslapd-db-current-locks: 96
nsslapd-db-max-locks: 179

dsconf config get returns:

nsslapd-db-locks: 50018

I've restarted many times. Changed the value a couple of times. What's up?

How exactly do you change them?

This works for me:

dsconf <instance> backend config set --locks 100000

After restart in the error logs:
[13/May/2026:08:11:01.395692873 -0400] - NOTICE - bdb_start - Resizing max db lock count: 50000 -> 100000

389-ds-base-2.7.0-12.el9_7.x86_64

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of IT Systems 720-772-5637
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/

--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Viktor

[389-users] Cannot change nsslapd-db-max-locks

2026-05-12T07:46:55.224-07:00

On one of our EL9 IPA servers I'm unable to change nsslapd-db-max-locks ldapsearch returns: # database, monitor, ldbm database, plugins, config dn: cn=database,cn=monitor,cn=ldbm database,cn=plugins,cn=config nsslapd-db-current-locks: 96 nsslapd-db-max-locks: 179 dsconf config get returns: nsslapd-db-locks: 50018 I've restarted many times. Changed the value a couple of times. What's up? 389-ds-base-2.7.0-12.el9_7.x86_64 -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 https://www.nwra.com/

[389-users] Re: [EXTERNAL\EXTERNE:] Re: version 3.1 : ERR - attrcrypt_ciphe

2026-05-11T08:20:53.645-07:00

I see I am missing the entries for

nsSSL3Ciphers in my exisitng cfg please how to resolve this now ?

Initail the server was cfg withour TLS Certs in place for testing only next we put the Certs but seeing the errors after ldap restart.

dn: cn=encryption,cn=config
bjectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
CACertExtractFile: /tmp/slapd-testldap/Self-Signed-CA.pem
modifiersName: cn=server,cn=plugins,cn=config
modifyTimestamp: 20260128211815Z
numSubordinates: 1

From: Ghiurea, Isabella
Sent: Monday, May 11, 2026 8:12:13 AM
To: Mark Reynolds; General discussion list for the 389 Directory server project.
Subject: Re: [EXTERNAL\EXTERNE:] Re: [389-users] version 3.1 : ERR - attrcrypt_ciphe

This is my full log after restart and the OS and 389-DS version::

5.14.0-611.49.2.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 30 09:05:08 EDT 2026 x86_64 GNU/Linux
389-ds-base-libs-3.1.3-7.el10_1.x86_64

1/May/2026:08:08:06.489703415 -0700] - INFO - slapd_extract_cert - CA CERT NAME: Entrust OV TLS Issuing RSA CA 1 - SSL Corporation
[11/May/2026:08:08:06.491682937 -0700] - INFO - slapd_extract_cert - CA CERT NAME: Self-Signed-CA
[11/May/2026:08:08:06.492152194 -0700] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist.
[11/May/2026:08:08:06.518750646 -0700] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[11/May/2026:08:08:06.553993372 -0700] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[11/May/2026:08:08:06.554338296 -0700] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[11/May/2026:08:08:06.554580339 -0700] - INFO - Security Initialization - SSL info:     TLS_AES_128_GCM_SHA256: enabled
[11/May/2026:08:08:06.554917810 -0700] - INFO - Security Initialization - SSL info:     TLS_CHACHA20_POLY1305_SHA256: enabled
[11/May/2026:08:08:06.555192333 -0700] - INFO - Security Initialization - SSL info:     TLS_AES_256_GCM_SHA384: enabled
[11/May/2026:08:08:06.555360588 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[11/May/2026:08:08:06.555512802 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[11/May/2026:08:08:06.555660128 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[11/May/2026:08:08:06.555820939 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[11/May/2026:08:08:06.555971791 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[11/May/2026:08:08:06.556116070 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[11/May/2026:08:08:06.556262604 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[11/May/2026:08:08:06.556408537 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[11/May/2026:08:08:06.556551104 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[11/May/2026:08:08:06.556695374 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[11/May/2026:08:08:06.556846817 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[11/May/2026:08:08:06.556994573 -0700] - INFO - Security Initialization - SSL info:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[11/May/2026:08:08:06.557139865 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[11/May/2026:08:08:06.557287401 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[11/May/2026:08:08:06.557431420 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[11/May/2026:08:08:06.557573065 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[11/May/2026:08:08:06.557726221 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[11/May/2026:08:08:06.557886871 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[11/May/2026:08:08:06.558041370 -0700] - INFO - Security Initialization - SSL info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[11/May/2026:08:08:06.563964174 -0700] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[11/May/2026:08:08:06.564487373 -0700] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[11/May/2026:08:08:06.564835995 -0700] - INFO - main - 389-Directory/3.1.3 B2026.051.0000 starting up
[11/May/2026:08:08:06.565071755 -0700] - INFO - main - Setting the maximum file descriptor limit to: 1048576
[11/May/2026:08:08:06.571042469 -0700] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default
[11/May/2026:08:08:06.571406910 -0700] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default
[11/May/2026:08:08:06.571637361 -0700] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default
[11/May/2026:08:08:06.571870307 -0700] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default
[11/May/2026:08:08:06.692829541 -0700] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 3000 rounds
[11/May/2026:08:08:06.697571186 -0700] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000
[11/May/2026:08:08:06.703451140 -0700] - INFO - dbmdb_make_env - MDB environment created with maxsize=6442450944.
[11/May/2026:08:08:06.703753165 -0700] - INFO - dbmdb_make_env - MDB environment created with max readers=126.
[11/May/2026:08:08:06.703942058 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[11/May/2026:08:08:06.704770127 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[11/May/2026:08:08:06.704994095 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[11/May/2026:08:08:06.705155447 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[11/May/2026:08:08:06.750376700 -0700] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63937 slots.
[11/May/2026:08:08:06.777423200 -0700] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
[11/May/2026:08:08:06.777828878 -0700] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests

From: Mark Reynolds <mareynol@redhat.com>
Sent: Friday, May 8, 2026 2:14:23 PM
To: General discussion list for the 389 Directory server project.
Cc: Ghiurea, Isabella
Subject: [EXTERNAL\EXTERNE:] Re: [389-users] version 3.1 : ERR - attrcrypt_ciphe

***Attention*** This email originated from outside of the NRC. ***Attention*** Ce courriel provient de l'extérieur du CNRC.

I haven't seen this particular error before. Here is my error log at startup. Does your log look similar to this (besides the error)?

[05/May/2026:10:38:38.570345263 -0400] - INFO - slapd_extract_cert - CA CERT NAME: Self-Signed-CA
[05/May/2026:10:38:38.575013995 -0400] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist.
[05/May/2026:10:38:38.596977165 -0400] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[05/May/2026:10:38:38.628070445 -0400] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[05/May/2026:10:38:38.629070043 -0400] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[05/May/2026:10:38:38.629758473 -0400] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
[05/May/2026:10:38:38.630223912 -0400] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
[05/May/2026:10:38:38.630729097 -0400] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
...

...

[05/May/2026:10:38:38.646869597 -0400] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647319500 -0400] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647903706 -0400] - INFO - main - 389-Directory/3.2.0 DEVELOPER BUILD B0000.000.0000 starting up
...

...
[05/May/2026:10:38:38.758475494 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB)
[05/May/2026:10:38:38.759509913 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126
[05/May/2026:10:38:38.760668867 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512
[05/May/2026:10:38:38.763059652 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher AES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.765674326 -0400] - INFO - attrcrypt_cipher_init - Key for cipher AES successfully generated and stored
[05/May/2026:10:38:38.766149695 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher 3DES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.768561634 -0400] - INFO - attrcrypt_cipher_init - Key for cipher 3DES successfully generated and stored

Are you running the server with security enabled?

Have you explicitly enabled/disable specific ciphers under cn=encryption,cn=config ?

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
CACertExtractFile: /tmp/slapd-localhost/Self-Signed-CA.pem
nsSSL3Ciphers: +all,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Also what platform are you running this on? What rpm version of "nss" is installed? This could also be related to your system's crypto policy.

Thanks,

Mark

On 5/8/26 4:11 PM, Ghiurea, Isabella via 389-users wrote:

After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64 ,

I am seeing the following ERR in errolog when restarting the ldap.

[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.

And here are my entries for encryption in dse.ldif :

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=con
fig
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....

What else must be change to eliminate the errors.

thank you !

-- 
Identity Management Development Team

[389-users] Re: [EXTERNAL\EXTERNE:] Re: version 3.1 : ERR - attrcrypt_ciphe

2026-05-11T08:15:53.022-07:00

This is my full log after restart and the OS and 389-DS version::

5.14.0-611.49.2.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 30 09:05:08 EDT 2026 x86_64 GNU/Linux
389-ds-base-libs-3.1.3-7.el10_1.x86_64

***Attention*** This email originated from outside of the NRC. ***Attention*** Ce courriel provient de l'extérieur du CNRC.

I haven't seen this particular error before. Here is my error log at startup. Does your log look similar to this (besides the error)?

...

Are you running the server with security enabled?

Have you explicitly enabled/disable specific ciphers under cn=encryption,cn=config ?

Also what platform are you running this on? What rpm version of "nss" is installed? This could also be related to your system's crypto policy.

Thanks,

Mark

On 5/8/26 4:11 PM, Ghiurea, Isabella via 389-users wrote:

After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64 ,

I am seeing the following ERR in errolog when restarting the ldap.

[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.

And here are my entries for encryption in dse.ldif :

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=con
fig
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....

What else must be change to eliminate the errors.

thank you !

-- 
Identity Management Development Team

[Test-Announce] Fedora 45 Rawhide 20260511.n.0 nightly compose nominated for testing

2026-05-10T23:45:49.544-07:00

Announcing the creation of a new nightly release validation test event for Fedora 45 Rawhide 20260511.n.0. Please help run some tests for this nightly compose if you have time. For more information on nightly release validation testing, see: https://fedoraproject.org/wiki/QA:Release_validation_test_plan Notable package version changes: anaconda - 20260508.n.0: anaconda-45.1-1.fc45.src, 20260511.n.0: anaconda-45.2-1.fc45.src Test coverage information for the current release can be seen at: https://openqa.fedoraproject.org/testcase_stats/45 You can see all results, find testing instructions and image download locations, and enter results on the Summary page: https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Summary The individual test result pages are: https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Installation https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Base https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Server https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Cloud https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Desktop https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260511.n.0_Security_Lab Thank you for testing! -- Mail generated by relvalconsumer: https://forge.fedoraproject.org/quality/relvalconsumer -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Test-Announce] Test Days: Podman 6.0

2026-05-10T23:31:27.655-07:00

Greetings testers! Please join us for upcoming Test Days [1] and help us improve Fedora's quality and stability. Your participation helps us find and fix bugs before the next release, ensuring a smoother experience for all users. This time we'll focus on testing the Podman. Test period: 2026-05-11 to 2026-05-15 Test instructions: https://fedoraproject.org/wiki/Test_Day:2026-05-11_Podman_6.0 Thank you. Petr Sklenar Fedora Quality -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Self-Introduction: Alberto García Fernández (Spanish)

2026-05-10T12:14:15.206-07:00

Name: Alberto García Fernández (Alberto)
Location: Gijón, Spain

Language: Spanish

About me: I'm a Linux end user (not a programmer or web developer) and free software enthusiast. I'd like to contribute with Spanish L10N team as a form of gratitude for this software. I'd like to practice my English too.

About Fedora Project and me: In the past, I used Fedora, but I haven't used Linux in many years. I use GNOME desktop, another project that I like a lot. Finally I'd like to contribute with Fedora's marketing team in Spanish.

GPG KEYID and fingerprint: gpg --fingerprint 0379658C

pub ed25519 2026-05-08 [SC] [caduca: 2029-05-07]

1DA6 61E2 BFF5 CEFC A71D 09A2 EEFE E8D6 0379 658C

uid [ absoluta ] Alberto García Fernández <algarcia (at) fedoraproject.org>

sub cv25519 2026-05-08 [E] [caduca: 2029-05-07]

-- _______________________________________________ trans mailing list -- trans@lists.fedoraproject.org To unsubscribe send an email to trans-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/trans@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Test-Announce] 2026-05-11 @ 15:00 UTC - Fedora Quality Meeting?

2026-05-10T05:04:06.790-07:00

# Fedora Quality Assurance Meeting # Date: 2026-05-11 # Time: 15:00 UTC (https://fedoraproject.org/wiki/Infrastructure/UTCHowto) # Location: https://matrix.to/#/#meeting:fedoraproject.org?web-instance[element.io]=chat.fedoraproject.org Greetings testers! It's meeting time again. I may not be around to run it, though. If I don't make it and anyone else wants to run it, please go ahead, it's easy! The SOP is at https://fedoraproject.org/wiki/QA:SOP_Matrix_meeting_process . I didn't have anything particular to discuss, just a quick status check-in as usual. Here is a handy link which should show you the meeting time in your local time: https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+quality+meeting&iso=20260511T15&p1=1440&ah=1 If anyone has any other items for the agenda, please reply to this email and suggest them! Thanks. == Proposed Agenda Topics == 1. Previous meeting follow-up 2. Fedora 44 and 45 status 3. Test Day / community event status 4. Open floor -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org https://www.happyassassin.net -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org https://www.happyassassin.net -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Test-Announce] Fedora 45 Rawhide 20260508.n.0 nightly compose nominated for testing

2026-05-08T21:36:45.656-07:00

Announcing the creation of a new nightly release validation test event for Fedora 45 Rawhide 20260508.n.0. Please help run some tests for this nightly compose if you have time. For more information on nightly release validation testing, see: https://fedoraproject.org/wiki/QA:Release_validation_test_plan Notable package version changes: anaconda - 20260505.n.0: anaconda-44.35-1.fc45.src, 20260508.n.0: anaconda-45.1-1.fc45.src pungi - 20260505.n.0: pungi-4.10.1-6.fc45.src, 20260508.n.0: pungi-4.13.0-1.fc45.src Test coverage information for the current release can be seen at: https://openqa.fedoraproject.org/testcase_stats/45 You can see all results, find testing instructions and image download locations, and enter results on the Summary page: https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Summary The individual test result pages are: https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Installation https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Base https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Server https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Cloud https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Desktop https://fedoraproject.org/wiki/Test_Results:Fedora_45_Rawhide_20260508.n.0_Security_Lab Thank you for testing! -- Mail generated by relvalconsumer: https://forge.fedoraproject.org/quality/relvalconsumer -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: version 3.1 : ERR - attrcrypt_ciphe

2026-05-08T14:53:01.867-07:00

Some more notes:

is it possible the LDAP SSL server certificate was changed or renewed?

I believe newer instances use AES for attribute encryption, not 3DES anymore

It seems the entries cn=AES and cn=3DES exist, so the nsSymmetricKey attribute might be absent or empty ( like if an instance was created without a SSL server cert) , or there was some "incomplete" configuration at some point

No subordinates value for:

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config

if attribute encryption is not used, an option may be to remove the 2 entries cn=AES and cn=3DES under

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=config

and restart the LDAP service

if NSS is configured with a SSL server certificate, those 2 entries should then be created and initialized with a key

Thanks,

Marc S.

On Fri, May 8, 2026 at 9:14 PM Mark Reynolds via 389-users <389-users@lists.fedoraproject.org> wrote:

I haven't seen this particular error before. Here is my error log at startup. Does your log look similar to this (besides the error)?

[05/May/2026:10:38:38.570345263 -0400] - INFO - slapd_extract_cert - CA CERT NAME: Self-Signed-CA
[05/May/2026:10:38:38.575013995 -0400] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist.
[05/May/2026:10:38:38.596977165 -0400] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert
[05/May/2026:10:38:38.628070445 -0400] - INFO - Security Initialization - SSL info: Enabling default cipher set.
[05/May/2026:10:38:38.629070043 -0400] - INFO - Security Initialization - SSL info: Configured NSS Ciphers
[05/May/2026:10:38:38.629758473 -0400] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled
[05/May/2026:10:38:38.630223912 -0400] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled
[05/May/2026:10:38:38.630729097 -0400] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled
...

...

[05/May/2026:10:38:38.646869597 -0400] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647319500 -0400] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[05/May/2026:10:38:38.647903706 -0400] - INFO - main - 389-Directory/3.2.0 DEVELOPER BUILD B0000.000.0000 starting up
...

...
[05/May/2026:10:38:38.758475494 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB)
[05/May/2026:10:38:38.759509913 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126
[05/May/2026:10:38:38.760668867 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512
[05/May/2026:10:38:38.763059652 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher AES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.765674326 -0400] - INFO - attrcrypt_cipher_init - Key for cipher AES successfully generated and stored
[05/May/2026:10:38:38.766149695 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher 3DES in backend userroot, attempting to create one...
[05/May/2026:10:38:38.768561634 -0400] - INFO - attrcrypt_cipher_init - Key for cipher 3DES successfully generated and stored

Are you running the server with security enabled?

Have you explicitly enabled/disable specific ciphers under cn=encryption,cn=config ?

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
CACertExtractFile: /tmp/slapd-localhost/Self-Signed-CA.pem
nsSSL3Ciphers: +all,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Also what platform are you running this on? What rpm version of "nss" is installed? This could also be related to your system's crypto policy.

Thanks,

Mark

On 5/8/26 4:11 PM, Ghiurea, Isabella via 389-users wrote:

After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64 ,

I am seeing the following ERR in errolog when restarting the ldap.

[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.

And here are my entries for encryption in dse.ldif :

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=con
fig
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....

What else must be change to eliminate the errors.

thank you !
-- 
Identity Management Development Team
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] Re: version 3.1 : ERR - attrcrypt_ciphe

2026-05-08T14:14:33.906-07:00

I haven't seen this particular error before. Here is my error log at startup. Does your log look similar to this (besides the error)?

...

Are you running the server with security enabled?

Have you explicitly enabled/disable specific ciphers under cn=encryption,cn=config ?

Also what platform are you running this on? What rpm version of "nss" is installed? This could also be related to your system's crypto policy.

Thanks,

Mark

On 5/8/26 4:11 PM, Ghiurea, Isabella via 389-users wrote:

After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64 ,

I am seeing the following ERR in errolog when restarting the ldap.

[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.

And here are my entries for encryption in dse.ldif :

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=con
fig
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....

What else must be change to eliminate the errors.

thank you !

-- 
Identity Management Development Team

[389-users] Re: Backend Database(s)

2026-05-08T14:03:37.272-07:00

Currently with LMDB all databases/indexes are all stored in that single file. There is no way to change this. I'm not sure if separating each database into a separate file would have any performance benefit, but it might be worth investigating. Feel free to open a github issue for us look into it. Mark On 5/7/26 3:16 PM, Sean Weldon via 389-users wrote: > Hello All, > I'm in the process of building a 389 instance on RHEL that has > multiple backend suffixes (15+). When building a new 3.0.x instance, > 389 no longer creates a separate backend database (on file system), > and puts them all in one database (1 data.mdb file). Is there a way to > keep this separate per backend suffix (C=US, C=CA)? Documentation > makes it seem like --be-name would have this effect, but it doesn't > (still 1 data.mdb file), at least not that I can get to work. > > Best > -- Identity Management Development Team -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[389-users] version 3.1 : ERR - attrcrypt_ciphe

2026-05-08T13:11:35.151-07:00

After installing new Certs on version 389-ds-base-libs-3.1.3-7.el10_1.x86_64 ,

I am seeing the following ERR in errolog when restarting the ldap.

[08/May/2026:12:47:19.286692556 -0700] - INFO - dbmdb_make_env - MDB environment created with max database instances=512.
[08/May/2026:12:47:19.287568735 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher AES (2)
[08/May/2026:12:47:19.287866902 -0700] - ERR - attrcrypt_cipher_init - Failed to retrieve key for cipher 3DES (2)
[08/May/2026:12:47:19.288083818 -0700] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.

And here are my entries for encryption in dse.ldif :

dn: cn=encrypted attribute keys,cn=userroot,cn=ldbm database,cn=plugins,cn=con
fig
objectClass: top
objectClass: extensibleObject
cn: encrypted attribute keys
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 20260128,........
modifyTimestamp: 20260128........
numSubordinates: 2

dn: cn=encrypted attributes,cn=userroot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: encrypted attributes
creatorsName: cn=ldbm database,cn=plugins,cn=config
modifiersName: cn=ldbm database,cn=plugins,cn=config
createTimestamp: 202601282....
modifyTimestamp: 20260128....

What else must be change to eliminate the errors.

thank you !

[389-users] Backend Database(s)

2026-05-07T12:17:13.989-07:00

Hello All,

I'm in the process of building a 389 instance on RHEL that has multiple backend suffixes (15+). When building a new 3.0.x instance, 389 no longer creates a separate backend database (on file system), and puts them all in one database (1 data.mdb file). Is there a way to keep this separate per backend suffix (C=US, C=CA)? Documentation makes it seem like --be-name would have this effect, but it doesn't (still 1 data.mdb file), at least not that I can get to work.

Best

Re: Fedora Linux 42 will be End of Life next week

2026-05-07T07:48:43.525-07:00

Hi all, Please accept my apologies for the confusion caused by my previous announcement. The End of Life (EOL) date originally provided for Fedora Linux 42 was incorrect, as the message was pre-scheduled with our release calendar as source, and amidst things, I don't think the schedule was updated with the most recent information. The correct EOL date is five weeks following the release of the latest version. Given that Fedora Linux 44 was officially released on April 28th, 2026, the actual EOL for Fedora Linux 42 will be May 27, 2026. We are currently working to ensure this date is updated across all relevant systems, including Bodhi and Bugzilla. Thank you for catching this discrepancy, and I apologize for the oversight. Regards, Samyak Jain Fedora Release Engineering On Wed, May 6, 2026 at 8:10 PM Samyak Jain <samyak.jn11@gmail.com> wrote: > > Hello all, > > Fedora Linux 42 will go end-of-life for updates and support on > 2026-05-13. > No more updates of any kind, including security updates or security > announcements, will be available for Fedora Linux 42 after this > date. No pending updates for Fedora Linux 42 will be pushed to stable. > > Fedora Linux 43 will continue to receive updates until approximately > one month after the release of Fedora Linux 45. The maintenance > schedule of Fedora Linux releases is documented here[1]. The docs also > contain instructions[2] on how to upgrade from a previous release of > Fedora Linux to a version receiving updates. > > Regards, > Samyak Jain > Fedora Release Engineering > > [1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule > [2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/ -- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Test-Announce] Re: Fedora Linux 42 will be End of Life next week

2026-05-07T01:25:28.009-07:00

Hi all, Please accept my apologies for the confusion caused by my previous announcement. The End of Life (EOL) date originally provided for Fedora Linux 42 was incorrect, as the message was pre-scheduled with our release calendar as source, and amidst things, I don't think the schedule was updated with the most recent information. The correct EOL date is five weeks following the release of the latest version. Given that Fedora Linux 44 was officially released on April 28th, 2026, the actual EOL for Fedora Linux 42 will be May 27, 2026. We are currently working to ensure this date is updated across all relevant systems, including Bodhi and Bugzilla. Thank you for catching this discrepancy, and I apologize for the oversight. Regards, Samyak Jain Fedora Release Engineering On Wed, May 6, 2026 at 8:10 PM Samyak Jain <samyak.jn11@gmail.com> wrote: > > Hello all, > > Fedora Linux 42 will go end-of-life for updates and support on > 2026-05-13. > No more updates of any kind, including security updates or security > announcements, will be available for Fedora Linux 42 after this > date. No pending updates for Fedora Linux 42 will be pushed to stable. > > Fedora Linux 43 will continue to receive updates until approximately > one month after the release of Fedora Linux 45. The maintenance > schedule of Fedora Linux releases is documented here[1]. The docs also > contain instructions[2] on how to upgrade from a previous release of > Fedora Linux to a version receiving updates. > > Regards, > Samyak Jain > Fedora Release Engineering > > [1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule > [2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/ -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Bug 2336875] kbd lacks workable Georgian console layout and font, contains unworkable xkb-translated layout

2026-05-06T12:02:02.583-07:00

https://bugzilla.redhat.com/show_bug.cgi?id=2336875 Adam Williamson <awilliam@redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |ERRATA Status|POST |CLOSED Last Closed| |2026-05-06 19:01:29 --- Comment #57 from Adam Williamson <awilliam@redhat.com> --- It looks like all of this worked, we just forgot to close the ticket. I checked current Rawhide and Georgian install works great out of the box, the correct config is used, the font is correct, you can switch layout with shift+ctrl and input Georgian characters and they look fine (AFAICT). Thanks again for all the help on this, Temuri. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2336875 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202336875%23c57 -- _______________________________________________ trans mailing list -- trans@lists.fedoraproject.org To unsubscribe send an email to trans-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/trans@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Fedora Linux 42 will be End of Life next week

2026-05-06T09:14:54.580-07:00

Hello all, Fedora Linux 42 will go end-of-life for updates and support on 2026-05-13. No more updates of any kind, including security updates or security announcements, will be available for Fedora Linux 42 after this date. No pending updates for Fedora Linux 42 will be pushed to stable. Fedora Linux 43 will continue to receive updates until approximately one month after the release of Fedora Linux 45. The maintenance schedule of Fedora Linux releases is documented here[1]. The docs also contain instructions[2] on how to upgrade from a previous release of Fedora Linux to a version receiving updates. Regards, Samyak Jain Fedora Release Engineering [1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule [2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/ -- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[Test-Announce] Fedora Linux 42 will be End of Life next week

2026-05-06T08:10:56.122-07:00

Hello all, Fedora Linux 42 will go end-of-life for updates and support on 2026-05-13. No more updates of any kind, including security updates or security announcements, will be available for Fedora Linux 42 after this date. No pending updates for Fedora Linux 42 will be pushed to stable. Fedora Linux 43 will continue to receive updates until approximately one month after the release of Fedora Linux 45. The maintenance schedule of Fedora Linux releases is documented here[1]. The docs also contain instructions[2] on how to upgrade from a previous release of Fedora Linux to a version receiving updates. Regards, Samyak Jain Fedora Release Engineering [1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule [2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/ -- _______________________________________________ test-announce mailing list -- test-announce@lists.fedoraproject.org To unsubscribe send an email to test-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new