LDAP Installation fails

NethServer Version: 7.7.1908
Module: Account-Provider
Hi,
I’ve a problem installing a local LDAP. The installation fails and gives the following error:

Task completed with errors

Applying changes #2 (exit status 1)

[YumDownloadError] [u'Errors were encountered while downloading packages.',
u'perl-List-MoreUtils-0.33-9.el7.x86_64: [Errno 256] No more mirrors to try.', 
u'openldap-servers-2.4.44-21.el7_6.x86_64: [Errno 256] No more mirrors to try.']

The connectivity to the internet works; if I do a yum update it finds mirrors.

On Cockpit there is the following error:

**Error**

Local LDAP not installed.

The following command has failed:
`system-accounts-provider/update`

Unfortunately we couldn't catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.

If I copy the command to the terminal and execute it, I get this:

```
[root@fw ~]# echo '{"action":"local-ldap"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-accounts-provider/update | jq
{
  "state": "running",
  "steps": -1,
  "event": "Initialization"
}
{
  "state": "running",
  "steps": -1,
  "event": "Resolving RPM dependencies"
}
{
  "state": "running",
  "steps": -1,
  "event": "Downloading Packages"
}
{
  "state": "running",
  "steps": -1,
  "event": "Downloading - openldap-servers-2.4.44-21.el7_6.x86_64.rpm"
}
{
  "state": "running",
  "steps": -1,
  "event": "Downloading - openldap-servers-2.4.44-21.el7_6.x86_64.rpm"
}
{
  "state": "running",
  "steps": -1,
  "event": "Downloading - openldap-servers-2.4.44-21.el7_6.x86_64.rpm"
}
{
  "state": "running",
  "steps": -1,
  "event": "Downloading - perl-List-MoreUtils-0.33-9.el7.x86_64.rpm"
}
```

```
{
  "status": "failed",
  "message": "[YumDownloadError] [u'Errors were encountered while downloading packages.', u'perl-List-MoreUtils-0.33-9.el7.x86_64: [Errno 256] No more mirrors to try.', u'openldap-servers-2.4.44-21.el7_6.x86_64: [Errno 256] No more mirrors to try.']",
  "steps": -1,
  "event": null
}
```

Thanks for your help.

PS: Could it be something with IPS or IPD? This is installed on the server and at the moment everything is set to block.

Yes, see Suricata rule category "policy" blocks yum - #2 by fasttech

It’s not a good idea to block everything, here is a good configuration to start with:

or a more restrictive one:

Thanks I’ll try it this evening.

We wanted to have a “secure” firewall and so we decided to use the “block all principle” and unblock it bit by bit.

IDP/IDS is quite different from firewall rules: you should know what you are enabling before enabling rules.
On the other hand, adding restrictive rules to the firewall changes things a lot.
Because you can block anything that is going out and in, and therefore add rules on top for allowing protocols, subnets, destinations…

Thanks to @mrmarkuz and @pike,
I changed the settings for policies to Alert and now it works.

Yes you are right, I’ll have a look at every category, what it is.

Can I block every category with IPS and set a rule at the firewall which allows traffic of this category for a specific source computer for example?

At the moment you can disable some rules for everybody, not for some source computer.
We worked to add an IPS bypass feature, but it didn’t work as expected in all possible configurations.

I’d suggest starting by pressing “Restore default categories” and then fine-tuning Suricata by looking at EveBox.
To disable rules, simply write the SID in /etc/pulledpork/disablesid.conf
Example content:

```
# ET INFO HTTP Request to Suspicious *.cloud Domain
1:2027874
```
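The tuning loop described in the last reply (see what the IPS actually drops, then list those SIDs for review) can be scripted against Suricata's EVE JSON log. This is an added example, not code from the thread or from NethServer; it assumes the standard EVE alert fields (`event_type`, `src_ip`, `alert.action`, `alert.gid`, `alert.signature_id`, `alert.signature`), and the log lines, addresses and the 9000001 SID are constructed placeholders.

```python
import json
from collections import Counter

# Constructed EVE JSON sample; addresses and SID 9000001 are placeholders.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.7",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000001,'
    '"signature":"EXAMPLE POLICY package manager user-agent"}}',
    '{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.8",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000001,'
    '"signature":"EXAMPLE POLICY package manager user-agent"}}',
    '{"event_type":"alert","src_ip":"192.0.2.23","dest_ip":"203.0.113.5",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2027874,'
    '"signature":"ET INFO HTTP Request to Suspicious *.cloud Domain"}}',
    '{"event_type":"dns","src_ip":"192.0.2.10","dest_ip":"192.0.2.1"}',
    '{"event_type":"alert","src_ip":"192.0.2.10"',  # truncated final line
]


def blocked_signatures(lines, src_ip=None):
    """Count alerts that were dropped, keyed by (gid, sid, signature)."""
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # the log can end in a partially written record
        alert = event.get("alert")
        if event.get("event_type") != "alert" or not isinstance(alert, dict):
            continue
        if alert.get("action") != "blocked" or "signature_id" not in alert:
            continue  # alert-only rules do not break traffic
        if src_ip is not None and event.get("src_ip") != src_ip:
            continue
        key = (alert.get("gid", 1), alert["signature_id"], alert.get("signature", ""))
        hits[key] += 1
    return hits


def disablesid_lines(hits):
    """Render candidates as a comment line followed by gid:sid."""
    out = []
    for (gid, sid, signature), count in hits.most_common():
        out.append(f"# {signature} ({count} blocked)")
        out.append(f"{gid}:{sid}")
    return out


if __name__ == "__main__":
    print("\n".join(disablesid_lines(blocked_signatures(SAMPLE_EVE, "192.0.2.10"))))
```

Review each candidate before copying it into `/etc/pulledpork/disablesid.conf`: a rule that blocks the server's own package downloads may still be worth keeping in alert mode.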