[Freeipa-devel] Database error on replicas
Oleg Fayans
ofayans at redhat.com
Wed Jun 3 08:33:01 UTC 2015
Hi,
With the latest freeipa code containing Topology plugin patches, I am
unable to make any changes in replicas.
I have the following topology:
replica1 <=> master <=> replica3
Here is the output of the ipa topologysegment-find command:
Suffix name: realm
------------------
2 segments matched
------------------
Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
Left node: replica1.zaeba.li
Right node: testmaster.zaeba.li
Connectivity: both
Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
Left node: replica3.zaeba.li
Right node: testmaster.zaeba.li
Connectivity: both
----------------------------
Number of entries returned 2
----------------------------
Any changes on master get replicated to replicas successfully. However,
any attempts to change anything on replicas, for example, create a user,
result in the error message about DatabaseError (attached).
The corresponding part of the dirsrv log looks like this:
03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -1
(Can't contact LDAP server)
[03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -1
(Can't contact LDAP server)
The full log is attached
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipa_database_error.png
Type: image/png
Size: 41658 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150603/498d114d/attachment.png>
-------------- next part --------------
389-Directory/1.3.4.a1 B2015.153.44
replica3.zaeba.li:389 (/etc/dirsrv/slapd-ZAEBA-LI)
[02/Jun/2015:12:01:52 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[02/Jun/2015:12:01:52 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 254384, procpages: 54105
[02/Jun/2015:12:01:52 -0400] - WARNING: After allocating import cache 407012KB, the available memory is 610524KB, which is less than the soft limit 1048576KB. You may want to decrease the import cache size and rerun import.
[02/Jun/2015:12:01:52 -0400] - Import allocates 407012KB import cache.
[02/Jun/2015:12:01:53 -0400] - import userRoot: Beginning import job...
[02/Jun/2015:12:01:53 -0400] - import userRoot: Index buffering enabled with bucket size 100
[02/Jun/2015:12:01:53 -0400] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"
[02/Jun/2015:12:01:53 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)
[02/Jun/2015:12:01:53 -0400] - import userRoot: Workers finished; cleaning up...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Workers cleaned up.
[02/Jun/2015:12:01:54 -0400] - import userRoot: Cleaning up producer thread...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Indexing complete. Post-processing...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Generating numsubordinates (this may take several minutes to complete)...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Generating numSubordinates complete.
[02/Jun/2015:12:01:54 -0400] - import userRoot: Gathering ancestorid non-leaf IDs...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Finished gathering ancestorid non-leaf IDs.
[02/Jun/2015:12:01:54 -0400] - Nothing to do to build ancestorid index
[02/Jun/2015:12:01:54 -0400] - import userRoot: Created ancestorid index (new idl).
[02/Jun/2015:12:01:54 -0400] - import userRoot: Flushing caches...
[02/Jun/2015:12:01:54 -0400] - import userRoot: Closing files...
[02/Jun/2015:12:01:54 -0400] - All database threads now stopped
[02/Jun/2015:12:01:54 -0400] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec)
[02/Jun/2015:12:01:55 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:01:55 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.
[02/Jun/2015:12:01:55 -0400] - resizing db cache size: 416780288 -> 10000000
[02/Jun/2015:12:01:56 -0400] - convert_pbe_des_to_aes: Converting DES passwords to AES...
[02/Jun/2015:12:01:56 -0400] - convert_pbe_des_to_aes: Successfully disabled DES plugin (cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config)
[02/Jun/2015:12:01:56 -0400] - convert_pbe_des_to_aes: Finished - no DES passwords to convert.
[02/Jun/2015:12:01:56 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:01:57 -0400] - slapd shutting down - signaling operation threads - op stack size 0 max work q size 0 max work q stack size 0
[02/Jun/2015:12:01:57 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:01:57 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:01:58 -0400] - All database threads now stopped
[02/Jun/2015:12:01:58 -0400] - slapd shutting down - freed 0 work q stack objects - freed 0 op stack objects
[02/Jun/2015:12:01:58 -0400] - slapd stopped.
[02/Jun/2015:12:01:59 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:01:59 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:02:00 -0400] - The change of nsslapd-ldapilisten will not take effect until the server is restarted
[02/Jun/2015:12:02:00 -0400] - Warning: Adding configuration attribute "nsslapd-security"
[02/Jun/2015:12:02:01 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 1 max work q stack size 1
[02/Jun/2015:12:02:01 -0400] - slapd shutting down - waiting for 1 thread to terminate
[02/Jun/2015:12:02:01 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:02:01 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:02:02 -0400] - All database threads now stopped
[02/Jun/2015:12:02:02 -0400] - slapd shutting down - freed 1 work q stack objects - freed 2 op stack objects
[02/Jun/2015:12:02:03 -0400] - slapd stopped.
[02/Jun/2015:12:02:04 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:02:05 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:02:05 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:02:06 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...
[02/Jun/2015:12:02:06 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[02/Jun/2015:12:02:06 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...
[02/Jun/2015:12:02:06 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[02/Jun/2015:12:02:06 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[02/Jun/2015:12:02:06 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[02/Jun/2015:12:02:06 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:02:06 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:02:06 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:02:06 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 1 max work q stack size 1
[02/Jun/2015:12:02:06 -0400] - slapd shutting down - waiting for 3 threads to terminate
[02/Jun/2015:12:02:06 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:02:07 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:02:07 -0400] - All database threads now stopped
[02/Jun/2015:12:02:07 -0400] - slapd shutting down - freed 1 work q stack objects - freed 2 op stack objects
[02/Jun/2015:12:02:07 -0400] - slapd stopped.
[02/Jun/2015:12:02:09 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:02:09 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:09 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:10 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:10 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:10 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:10 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:10 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:02:10 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:02:10 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[02/Jun/2015:12:02:10 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[02/Jun/2015:12:02:10 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:02:10 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:02:10 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:02:12 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[02/Jun/2015:12:02:13 -0400] ipa-topology-plugin - ipa_topo_be_state_changebackend userRoot is going offline; inactivate plugin
[02/Jun/2015:12:02:13 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=zaeba,dc=li is going offline; disabling replication
[02/Jun/2015:12:02:13 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[02/Jun/2015:12:02:16 -0400] - import userRoot: Workers finished; cleaning up...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Workers cleaned up.
[02/Jun/2015:12:02:17 -0400] - import userRoot: Indexing complete. Post-processing...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Generating numsubordinates (this may take several minutes to complete)...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Generating numSubordinates complete.
[02/Jun/2015:12:02:17 -0400] - import userRoot: Gathering ancestorid non-leaf IDs...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Finished gathering ancestorid non-leaf IDs.
[02/Jun/2015:12:02:17 -0400] - import userRoot: Creating ancestorid index (new idl)...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Created ancestorid index (new idl).
[02/Jun/2015:12:02:17 -0400] - import userRoot: Flushing caches...
[02/Jun/2015:12:02:17 -0400] - import userRoot: Closing files...
[02/Jun/2015:12:02:18 -0400] - import userRoot: Import complete. Processed 409 entries in 4 seconds. (102.25 entries/sec)
[02/Jun/2015:12:02:18 -0400] ipa-topology-plugin - ipa_topo_be_state_change - backend userRoot is coming online; checking domain level and init shared topology
[02/Jun/2015:12:02:18 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=zaeba,dc=li is coming online; enabling replication
[02/Jun/2015:12:02:18 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:18 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:24 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 1 max work q stack size 1
[02/Jun/2015:12:02:24 -0400] - slapd shutting down - waiting for 4 threads to terminate
[02/Jun/2015:12:02:24 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:02:24 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:02:25 -0400] - All database threads now stopped
[02/Jun/2015:12:02:25 -0400] - slapd shutting down - freed 1 work q stack objects - freed 3 op stack objects
[02/Jun/2015:12:02:25 -0400] - slapd stopped.
[02/Jun/2015:12:02:26 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:02:27 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:02:27 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:02:28 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:02:28 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:02:28 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:02:28 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:02:28 -0400] - resizing db cache size: 20000000 -> 10000000
[02/Jun/2015:12:02:28 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:02:28 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:02:28 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:02:28 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:28 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:28 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:02:29 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:02:29 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[02/Jun/2015:12:02:29 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[02/Jun/2015:12:02:29 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:02:29 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:02:29 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:02:29 -0400] - The change of nsslapd-maxdescriptors will not take effect until the server is restarted
[02/Jun/2015:12:03:00 -0400] attrcrypt - No symmetric key found for cipher AES in backend ipaca, attempting to create one...
[02/Jun/2015:12:03:01 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[02/Jun/2015:12:03:01 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend ipaca, attempting to create one...
[02/Jun/2015:12:03:01 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[02/Jun/2015:12:03:01 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:03:46 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica o=ipaca is going offline; disabling replication
[02/Jun/2015:12:03:46 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-replica3.zaeba.li-pki-tomcat" (testmaster:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[02/Jun/2015:12:03:46 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:03:47 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[02/Jun/2015:12:03:51 -0400] - import ipaca: Workers finished; cleaning up...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Workers cleaned up.
[02/Jun/2015:12:03:51 -0400] - import ipaca: Indexing complete. Post-processing...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Generating numsubordinates (this may take several minutes to complete)...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Generating numSubordinates complete.
[02/Jun/2015:12:03:51 -0400] - import ipaca: Gathering ancestorid non-leaf IDs...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Finished gathering ancestorid non-leaf IDs.
[02/Jun/2015:12:03:51 -0400] - import ipaca: Creating ancestorid index (new idl)...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Created ancestorid index (new idl).
[02/Jun/2015:12:03:51 -0400] - import ipaca: Flushing caches...
[02/Jun/2015:12:03:51 -0400] - import ipaca: Closing files...
[02/Jun/2015:12:03:52 -0400] - import ipaca: Import complete. Processed 82 entries in 6 seconds. (13.67 entries/sec)
[02/Jun/2015:12:03:52 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica o=ipaca is coming online; enabling replication
[02/Jun/2015:12:03:52 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:03:55 -0400] - ipaca: Indexing VLV: allCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allExpiredCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allInvalidCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allInValidCertsNotBefore-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allNonRevokedCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedCaCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedCertsNotAfter-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedExpiredCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allRevokedOrRevokedExpiredCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allValidCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allValidCertsNotAfter-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: allValidOrRevokedCerts-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caAll-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCanceled-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCanceledEnrollment-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCanceledRenewal-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCanceledRevocation-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caComplete-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCompleteEnrollment-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCompleteRenewal-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caCompleteRevocation-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caEnrollment-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caPending-pki-tomcatIndex
[02/Jun/2015:12:03:56 -0400] - ipaca: Indexing VLV: caPendingEnrollment-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caPendingRenewal-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caPendingRevocation-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRejected-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRejectedEnrollment-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRejectedRenewal-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRejectedRevocation-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRenewal-pki-tomcatIndex
[02/Jun/2015:12:03:57 -0400] - ipaca: Indexing VLV: caRevocation-pki-tomcatIndex
[02/Jun/2015:12:04:00 -0400] - ipaca: Finished indexing.
[02/Jun/2015:12:04:27 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[02/Jun/2015:12:04:27 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:04:28 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:04:29 -0400] - All database threads now stopped
[02/Jun/2015:12:04:29 -0400] - slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[02/Jun/2015:12:04:29 -0400] - slapd stopped.
[02/Jun/2015:12:04:31 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:04:31 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:04:31 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:04:32 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:04:32 -0400] - resizing db cache size: 20000000 -> 10000000
[02/Jun/2015:12:04:33 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:04:33 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:04:33 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:04:33 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:04:33 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[02/Jun/2015:12:04:33 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[02/Jun/2015:12:04:33 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:04:33 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:04:33 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:05:09 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/krb5.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[02/Jun/2015:12:05:09 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:05:09 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:05:10 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available))
[02/Jun/2015:12:05:14 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/krb5.keytab]: 13 (Permission denied)
[02/Jun/2015:12:05:14 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:05:14 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:05:20 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 2 max work q stack size 2
[02/Jun/2015:12:05:20 -0400] - slapd shutting down - waiting for 4 threads to terminate
[02/Jun/2015:12:05:20 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:05:47 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/krb5.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[02/Jun/2015:12:05:48 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:05:48 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:05:48 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:05:49 -0400] - All database threads now stopped
[02/Jun/2015:12:05:49 -0400] - slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[02/Jun/2015:12:05:49 -0400] - slapd stopped.
[02/Jun/2015:12:05:51 -0400] - Information: Non-Secure Port Disabled
[02/Jun/2015:12:05:51 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:05:51 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:05:51 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:05:52 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:05:52 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:05:52 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[02/Jun/2015:12:05:52 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:05:52 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:05:52 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available))
[02/Jun/2015:12:05:53 -0400] - slapd started. Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:05:55 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:05:55 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:05:55 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:05:55 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:05:56 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth resumed
[02/Jun/2015:12:06:01 -0400] - userRoot: Indexing attribute: memberuid
[02/Jun/2015:12:06:01 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:07 -0400] - userRoot: Indexing attribute: member
[02/Jun/2015:12:06:21 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:26 -0400] - userRoot: Indexing attribute: uniquemember
[02/Jun/2015:12:06:27 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:32 -0400] - userRoot: Indexing attribute: owner
[02/Jun/2015:12:06:33 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:38 -0400] - userRoot: Indexing attribute: seeAlso
[02/Jun/2015:12:06:39 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:45 -0400] - userRoot: Indexing attribute: ipatokenradiusconfiglink
[02/Jun/2015:12:06:45 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:51 -0400] - userRoot: Indexing attribute: ipaassignedidview
[02/Jun/2015:12:06:51 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:06:57 -0400] - userRoot: Indexing attribute: ntUniqueId
[02/Jun/2015:12:06:57 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:07:03 -0400] - userRoot: Indexing attribute: ntUserDomainId
[02/Jun/2015:12:07:03 -0400] - userRoot: Finished indexing.
[02/Jun/2015:12:07:05 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[02/Jun/2015:12:07:06 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[02/Jun/2015:12:07:08 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[02/Jun/2015:12:07:08 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[02/Jun/2015:12:07:10 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Warning: Attempting to release replica, but unable to receive endReplication extended operation response from the replica. Error -5 (Timed out)
[02/Jun/2015:12:07:10 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[02/Jun/2015:12:07:10 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[02/Jun/2015:12:07:10 -0400] - slapd shutting down - waiting for 1 thread to terminate
[02/Jun/2015:12:07:10 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:07:14 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:07:14 -0400] - All database threads now stopped
[02/Jun/2015:12:07:14 -0400] - slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[02/Jun/2015:12:07:14 -0400] - slapd stopped.
[02/Jun/2015:12:07:15 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:07:15 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:15 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:07:16 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:07:17 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:07:17 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:07:17 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:17 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:18 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[02/Jun/2015:12:07:18 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:07:18 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[02/Jun/2015:12:07:18 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:07:18 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:07:18 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available))
[02/Jun/2015:12:07:18 -0400] attrcrypt - No symmetric key found for cipher AES in backend changelog, attempting to create one...
[02/Jun/2015:12:07:18 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[02/Jun/2015:12:07:18 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend changelog, attempting to create one...
[02/Jun/2015:12:07:18 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[02/Jun/2015:12:07:20 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:07:20 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:07:20 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:07:20 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:07:20 -0400] - slapd shutting down - signaling operation threads - op stack size 1 max work q size 1 max work q stack size 1
[02/Jun/2015:12:07:20 -0400] - slapd shutting down - waiting for 2 threads to terminate
[02/Jun/2015:12:07:20 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:07:20 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:07:21 -0400] - All database threads now stopped
[02/Jun/2015:12:07:21 -0400] - slapd shutting down - freed 1 work q stack objects - freed 1 op stack objects
[02/Jun/2015:12:07:21 -0400] - slapd stopped.
[02/Jun/2015:12:07:22 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[02/Jun/2015:12:07:23 -0400] - SSL alert: Configured NSS Ciphers
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[02/Jun/2015:12:07:23 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[02/Jun/2015:12:07:24 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[02/Jun/2015:12:07:24 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[02/Jun/2015:12:07:24 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[02/Jun/2015:12:07:24 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[02/Jun/2015:12:07:24 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:07:24 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[02/Jun/2015:12:07:24 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:24 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[02/Jun/2015:12:07:25 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[02/Jun/2015:12:07:25 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[02/Jun/2015:12:07:25 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[02/Jun/2015:12:07:25 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)) errno 0 (Success)
[02/Jun/2015:12:07:25 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local error)
[02/Jun/2015:12:07:25 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available))
[02/Jun/2015:12:07:25 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[02/Jun/2015:12:07:25 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[02/Jun/2015:12:07:25 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[02/Jun/2015:12:07:28 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth resumed
[02/Jun/2015:12:09:10 -0400] - slapd shutting down - signaling operation threads - op stack size 6 max work q size 1 max work q stack size 1
[02/Jun/2015:12:09:10 -0400] - slapd shutting down - closing down internal subsystems and plugins
[02/Jun/2015:12:09:12 -0400] - Waiting for 4 database threads to stop
[02/Jun/2015:12:09:12 -0400] - All database threads now stopped
[02/Jun/2015:12:09:12 -0400] - slapd shutting down - freed 1 work q stack objects - freed 6 op stack objects
[02/Jun/2015:12:09:13 -0400] - slapd stopped.
[03/Jun/2015:03:45:26 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[03/Jun/2015:03:45:26 -0400] - SSL alert: Configured NSS Ciphers
[03/Jun/2015:03:45:26 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[03/Jun/2015:03:45:26 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[03/Jun/2015:03:45:26 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:27 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:28 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[03/Jun/2015:03:45:29 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[03/Jun/2015:03:45:30 -0400] - 389-Directory/1.3.4.a1 B2015.153.44 starting up
[03/Jun/2015:03:45:31 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=zaeba,dc=li
[03/Jun/2015:03:45:32 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=zaeba,dc=li
[03/Jun/2015:03:45:32 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=zaeba,dc=li
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:32 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:33 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=zaeba,dc=li does not exist
[03/Jun/2015:03:45:33 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[03/Jun/2015:03:45:33 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=zaeba,dc=li--no CoS Templates found, which should be added before the CoS Definition.
[03/Jun/2015:03:45:33 -0400] set_krb5_creds - Could not get initial credentials for principal [ldap/replica3.zaeba.li at ZAEBA.LI] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm)
[03/Jun/2015:03:45:33 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[03/Jun/2015:03:45:33 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[03/Jun/2015:03:45:33 -0400] - Listening on /var/run/slapd-ZAEBA-LI.socket for LDAPI requests
[03/Jun/2015:03:45:33 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 115 (Operation now in progress)
[03/Jun/2015:03:45:33 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:45:33 -0400] NSMMReplicationPlugin - agmt="cn=meTotestmaster.zaeba.li" (testmaster:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[03/Jun/2015:03:45:38 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:45:38 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:45:43 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:45:44 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:45:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:45:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:46:19 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:46:19 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:47:07 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:47:07 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:48:41 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:48:41 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-replica3.zaeba.li-pki-tomcat" (testmaster:389): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ()
[03/Jun/2015:03:48:43 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:48:43 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:48:44 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:48:50 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:49:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:49:26 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:49:26 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [(anon)] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
[03/Jun/2015:03:49:26 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [(anon)] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:49:26 -0400] dna-plugin - dna_pre_op: no more values available!!
[03/Jun/2015:03:50:14 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:51:50 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:51:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:51:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:53:52 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [(anon)] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:53:52 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [(anon)] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:03:53:52 -0400] dna-plugin - dna_pre_op: no more values available!!
[03/Jun/2015:03:55:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:03:56:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:03:56:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:04:00:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:04:01:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:04:01:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:04:05:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:04:06:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:04:06:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:04:10:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:04:11:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
[03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
[03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server)
More information about the Freeipa-devel
mailing list