>>> 3) A new default plugin requirement, the plugin being written in Rust - >>> probably >>> its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in >>> FIPS mode). >> This was a very important fix to get into 1.4.4, usually big changes do not >> land >> in 1.4.4 anymore, but this one needed to get in. > > This change was about the C code, not Rust code if I recall correctly, since > that's the inbuilt PBKDF2_SHA256 module, not the pwdchan one with openldap > compat. The RUST pbkdf2 module has existed since early 1.4.4 and that's needed > for openldap migration which we at SUSE enable by default (I don't think RH do > yet).
the changes in dse.ldif in that issue (3584) made libpwdchan-plugin required for the server (new entries in in cn=Password Storage Schemes,cn=plugins,cn=config). > > >>> See my comment >>> https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. >>> Rust >>> becomes a requirement for building the server, which is fine, but then it >>> should be enabled by default in "./configure". Without it the server does >>> not >>> compile the new plugin and complains about it when starting: >>> [01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - Could >>> not >>> open library "/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for >>> plugin >>> PBKDF2 >> Yes I do understand this frustration, and it is now fixed for non-rust >> builds. > > I think this error specifically came about if you did a rust build, then you > took rust away, it created some leftovers in dse.ldif I think (?). No, actually i have never installed rust on any of our production or build servers. dse.ldif now integrates by default rust-written plugins but --enable-rust is not a default option in ./configure, that was in fact the problem. Thank you, William! Sincerely, Andrey _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
