A PKI test raises

389-ds-base- is missing backport of

That is correct, I was running FreeIPA 4.4, that explains existence of 'dirsrv' user

Just for info from a f25 (where freeipa was configured) before 389-ds upgrade, I am seeing 'dirsrv' user

[root@vm1 ~]# rpm -q 389-ds-base
[root@vm1 ~]# getent passwd dirsrv

Tests of freeipa are successful with nss-3.24.0-1.2.fc24.x86_64

Test on F23 - Freeipa 4.3.1 - DS

Freeipa already installed upgrade nss-3.23->nss-3.24.0-1.2.fc24.x86_64 restart DS instance --> nss is correctly initialize nss, LDAPS working (636)

Freeipa full install with nss-3.24.0-1.2.fc24.x86_64 Installation complete successfully restart DS instance --> nss is correctly initialize nss, LDAPS working (636)

BZ#1342158 nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails

Have done some successfull basics tests (install/uninstall , provision/update/authenticate with entries)


Installation of IPA fails with nss-3-24 because 389-ds fails to initialize nss that no longer support sslV2 (

The same installation works with nss-3.23

Breaks F24 but all releases where nss-3.23 is targeted (F23 and F22 ?)

Successful run freeipa tests on F23

Testing this version with freeipa tests. It creates more failures vs
======= 30 failed, 2201 passed, 899 skipped, 484 error in 434.95 seconds =======
====== 108 failed, 2086 passed, 892 skipped, 531 error in 417.30 seconds =======

These errors in errors log:

[26/Jan/2016:18:35:11 +0100] get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct.
[26/Jan/2016:18:35:11 +0100] ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 140]: Failed to get ID ranges.
[26/Jan/2016:18:35:11 +0100] NSMMReplicationPlugin - process_postop: Failed to apply update () error (1).  Aborting replication session(conn=1692 op=5)

Also was enable to connect over ldapi

Tested for weeks for performance. No problem