[Freeipa-devel] [PATCH] 857 topology: ipa management commands
Oleg Fayans
ofayans at redhat.com
Tue May 26 13:56:40 UTC 2015
Hi Petr, team
After playing around with the previous version of your patch applied on
top of the current master branch today in the morning, I still observe
the problem with replica installation, described here:
https://fedorahosted.org/freeipa/ticket/5035
the session transcript together with ipareplica-install.log and the
errors log of the dirsrv on master are attached.
The following lines in the error log might be of interest:
[26/May/2015:08:46:09 -0400] NSMMReplicationPlugin - Finished total
update of replica "agmt="cn=meToreplica1.pesen.net" (replica1:389)".
Sent 382 entries.
[26/May/2015:08:46:11 -0400] ipa-topology-plugin - ipa_topo_util_modify:
failed to modify entry
(cn=meToreplica1.pesen.net,cn=replica,cn=dc\3Dpesen\2Cdc\3Dnet,cn=mapping tree,cn=config):
error 53
[26/May/2015:08:46:17 -0400] repl_version_plugin_recv_acquire_cb - [file
ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing
replication. This server: "20100614120000" remote server: "(null)".
[26/May/2015:08:46:38 -0400] NSMMReplicationPlugin -
agmt="cn=meToreplica1.pesen.net" (replica1:389): Unable to receive the
response for a startReplication extended operation to consumer (Can't
contact LDAP server). Will retry later.
[26/May/2015:08:46:41 -0400] NSMMReplicationPlugin -
agmt="cn=meToreplica1.pesen.net" (replica1:389): Replication bind with
SIMPLE auth resumed
[26/May/2015:08:47:42 -0400] NSMMReplicationPlugin - Beginning total
update of replica
"agmt="cn=masterAgreement1-replica1.pesen.net-pki-tomcat" (replica1:389)".
[26/May/2015:08:47:46 -0400] NSMMReplicationPlugin - Finished total
update of replica
"agmt="cn=masterAgreement1-replica1.pesen.net-pki-tomcat"
(replica1:389)". Sent 70 entries.
[26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file
ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing
replication. This server: "20100614120000" remote server: "(null)".
[26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file
ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing
replication. This server: "20100614120000" remote server: "(null)".
Should I rebuild the packages with the latest version of your patch on
top of the current master with Tomas' latest Domain Level-related
changes and try again?
On 05/26/2015 03:31 PM, Petr Vobornik wrote:
> On 05/26/2015 12:19 PM, Petr Vobornik wrote:
>> this patch is based on top of my patch #856 and tbabej'
>> s 325-9.
>>
>> Obsoletes Ludwig's 0006.
>>
>> ipalib part of topology management
>>
>> Design:
>> - http://www.freeipa.org/page/V4/Manage_replication_topology
>>
>> https://fedorahosted.org/freeipa/ticket/4302
>>
>>
>
> New version attached:
> - domainlevel_show usage changed to domainlevel_get
> - updated VERSION
> - added more attrs to default_attributes
>
>
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150526/67429dae/attachment.htm>
-------------- next part --------------
389-Directory/1.3.4.a1 B2015.070.423
mymaster.pesen.net:389 (/etc/dirsrv/slapd-PESEN-NET)
[26/May/2015:08:12:20 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[26/May/2015:08:12:20 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 512432, procpages: 54077
[26/May/2015:08:12:20 -0400] - Import allocates 819888KB import cache.
[26/May/2015:08:12:20 -0400] - import userRoot: Beginning import job...
[26/May/2015:08:12:20 -0400] - import userRoot: Index buffering enabled with bucket size 100
[26/May/2015:08:12:20 -0400] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"
[26/May/2015:08:12:20 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)
[26/May/2015:08:12:21 -0400] - import userRoot: Workers finished; cleaning up...
[26/May/2015:08:12:21 -0400] - import userRoot: Workers cleaned up.
[26/May/2015:08:12:21 -0400] - import userRoot: Cleaning up producer thread...
[26/May/2015:08:12:21 -0400] - import userRoot: Indexing complete. Post-processing...
[26/May/2015:08:12:21 -0400] - import userRoot: Generating numsubordinates (this may take several minutes to complete)...
[26/May/2015:08:12:21 -0400] - import userRoot: Generating numSubordinates complete.
[26/May/2015:08:12:21 -0400] - import userRoot: Gathering ancestorid non-leaf IDs...
[26/May/2015:08:12:21 -0400] - import userRoot: Finished gathering ancestorid non-leaf IDs.
[26/May/2015:08:12:21 -0400] - Nothing to do to build ancestorid index
[26/May/2015:08:12:21 -0400] - import userRoot: Created ancestorid index (new idl).
[26/May/2015:08:12:21 -0400] - import userRoot: Flushing caches...
[26/May/2015:08:12:21 -0400] - import userRoot: Closing files...
[26/May/2015:08:12:21 -0400] - All database threads now stopped
[26/May/2015:08:12:21 -0400] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec)
[26/May/2015:08:12:23 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:12:23 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.
[26/May/2015:08:12:23 -0400] - resizing db cache size: 839565312 -> 6400000
[26/May/2015:08:12:23 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:12:23 -0400] - convert_pbe_des_to_aes: Converting DES passwords to AES...
[26/May/2015:08:12:23 -0400] - convert_pbe_des_to_aes: Successfully disabled DES plugin (cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config)
[26/May/2015:08:12:23 -0400] - convert_pbe_des_to_aes: Finished - no DES passwords to convert.
[26/May/2015:08:12:24 -0400] - slapd shutting down - signaling operation threads - op stack size 0 max work q size 0 max work q stack size 0
[26/May/2015:08:12:24 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:12:24 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:12:25 -0400] - All database threads now stopped
[26/May/2015:08:12:25 -0400] - slapd shutting down - freed 0 work q stack objects - freed 0 op stack objects
[26/May/2015:08:12:25 -0400] - slapd stopped.
[26/May/2015:08:12:26 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:12:26 -0400] - resizing db cache size: 6400000 -> 5120000
[26/May/2015:08:12:27 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:17:26 -0400] - The change of nsslapd-ldapilisten will not take effect until the server is restarted
[26/May/2015:08:17:27 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 1 max work q stack size 1
[26/May/2015:08:17:27 -0400] - slapd shutting down - waiting for 1 thread to terminate
[26/May/2015:08:17:27 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:17:28 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:17:28 -0400] - All database threads now stopped
[26/May/2015:08:17:28 -0400] - slapd shutting down - freed 1 work q stack objects - freed 2 op stack objects
[26/May/2015:08:17:28 -0400] - slapd stopped.
[26/May/2015:08:17:29 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:17:29 -0400] - resizing db cache size: 5120000 -> 4096000
[26/May/2015:08:17:31 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[26/May/2015:08:17:32 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[26/May/2015:08:17:32 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:17:32 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:17:38 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:17:40 -0400] NSACLPlugin - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:40 -0400] NSACLPlugin - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:40 -0400] NSACLPlugin - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:40 -0400] NSACLPlugin - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:41 -0400] NSACLPlugin - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:41 -0400] NSACLPlugin - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:42 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[26/May/2015:08:17:42 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[26/May/2015:08:17:45 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[26/May/2015:08:17:45 -0400] - slapd shutting down - waiting for 3 threads to terminate
[26/May/2015:08:17:45 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:17:46 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:17:47 -0400] - All database threads now stopped
[26/May/2015:08:17:47 -0400] - slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[26/May/2015:08:17:47 -0400] - slapd stopped.
[26/May/2015:08:17:48 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:17:48 -0400] - resizing db cache size: 4096000 -> 3276800
[26/May/2015:08:17:49 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:17:49 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:17:49 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] NSACLPlugin - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:17:49 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:17:49 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[26/May/2015:08:17:49 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[26/May/2015:08:17:49 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:17:49 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:17:49 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:17:49 -0400] - The change of nsslapd-maxdescriptors will not take effect until the server is restarted
[26/May/2015:08:18:27 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:19:25 -0400] - ipaca: Indexing VLV: allCerts-pki-tomcatIndex
[26/May/2015:08:19:25 -0400] - ipaca: Indexing VLV: allExpiredCerts-pki-tomcatIndex
[26/May/2015:08:19:25 -0400] - ipaca: Indexing VLV: allInvalidCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allInValidCertsNotBefore-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allNonRevokedCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedCaCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedCertsNotAfter-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedExpiredCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allRevokedOrRevokedExpiredCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allValidCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allValidCertsNotAfter-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: allValidOrRevokedCerts-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caAll-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCanceled-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCanceledEnrollment-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCanceledRenewal-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCanceledRevocation-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caComplete-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCompleteEnrollment-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCompleteRenewal-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caCompleteRevocation-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caEnrollment-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caPending-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caPendingEnrollment-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caPendingRenewal-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caPendingRevocation-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caRejected-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caRejectedEnrollment-pki-tomcatIndex
[26/May/2015:08:19:26 -0400] - ipaca: Indexing VLV: caRejectedRenewal-pki-tomcatIndex
[26/May/2015:08:19:27 -0400] - ipaca: Indexing VLV: caRejectedRevocation-pki-tomcatIndex
[26/May/2015:08:19:27 -0400] - ipaca: Indexing VLV: caRenewal-pki-tomcatIndex
[26/May/2015:08:19:27 -0400] - ipaca: Indexing VLV: caRevocation-pki-tomcatIndex
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 21; possibly, the entry id 21 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:27 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - warning: ancestorid not indexed on 23; possibly, the entry id 23 has no descendants yet.
[26/May/2015:08:19:28 -0400] - ipaca: Finished indexing.
[26/May/2015:08:20:20 -0400] - Warning: Adding configuration attribute "nsslapd-security"
[26/May/2015:08:20:21 -0400] - slapd shutting down - signaling operation threads - op stack size 2 max work q size 2 max work q stack size 2
[26/May/2015:08:20:21 -0400] - slapd shutting down - waiting for 1 thread to terminate
[26/May/2015:08:20:21 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:20:22 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:20:22 -0400] - All database threads now stopped
[26/May/2015:08:20:22 -0400] - slapd shutting down - freed 2 work q stack objects - freed 3 op stack objects
[26/May/2015:08:20:22 -0400] - slapd stopped.
[26/May/2015:08:20:23 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[26/May/2015:08:20:23 -0400] - SSL alert: Configured NSS Ciphers
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:20:23 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:20:24 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:20:25 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:20:25 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:20:25 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:20:25 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[26/May/2015:08:20:25 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:20:25 -0400] - resizing db cache size: 3276800 -> 2621440
[26/May/2015:08:20:25 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...
[26/May/2015:08:20:26 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[26/May/2015:08:20:26 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...
[26/May/2015:08:20:26 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[26/May/2015:08:20:26 -0400] attrcrypt - No symmetric key found for cipher AES in backend ipaca, attempting to create one...
[26/May/2015:08:20:26 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[26/May/2015:08:20:27 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend ipaca, attempting to create one...
[26/May/2015:08:20:27 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[26/May/2015:08:20:27 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:20:27 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:20:27 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] NSACLPlugin - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:20:27 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:20:27 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[26/May/2015:08:20:28 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!
[26/May/2015:08:20:28 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:20:28 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:20:28 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[26/May/2015:08:20:28 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:21:02 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 2 max work q stack size 2
[26/May/2015:08:21:02 -0400] - slapd shutting down - waiting for 3 threads to terminate
[26/May/2015:08:21:02 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:21:02 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:21:05 -0400] - All database threads now stopped
[26/May/2015:08:21:05 -0400] - slapd shutting down - freed 2 work q stack objects - freed 4 op stack objects
[26/May/2015:08:21:05 -0400] - slapd stopped.
[26/May/2015:08:21:07 -0400] - Information: Non-Secure Port Disabled
[26/May/2015:08:21:07 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:21:07 -0400] - resizing db cache size: 2621440 -> 2097152
[26/May/2015:08:21:07 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:21:08 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:21:08 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] NSACLPlugin - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:21:08 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:21:09 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:21:09 -0400] - slapd started. Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:21:11 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:21:11 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:21:11 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:21:11 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:21:17 -0400] - userRoot: Indexing attribute: memberuid
[26/May/2015:08:21:18 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:23 -0400] - userRoot: Indexing attribute: member
[26/May/2015:08:21:24 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:30 -0400] - userRoot: Indexing attribute: uniquemember
[26/May/2015:08:21:31 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:36 -0400] - userRoot: Indexing attribute: owner
[26/May/2015:08:21:37 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:42 -0400] - userRoot: Indexing attribute: seeAlso
[26/May/2015:08:21:43 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:49 -0400] - userRoot: Indexing attribute: ipatokenradiusconfiglink
[26/May/2015:08:21:49 -0400] - userRoot: Finished indexing.
[26/May/2015:08:21:55 -0400] - userRoot: Indexing attribute: ipaassignedidview
[26/May/2015:08:21:55 -0400] - userRoot: Finished indexing.
[26/May/2015:08:22:01 -0400] - userRoot: Indexing attribute: ntUniqueId
[26/May/2015:08:22:02 -0400] - userRoot: Finished indexing.
[26/May/2015:08:22:07 -0400] - userRoot: Indexing attribute: ntUserDomainId
[26/May/2015:08:22:08 -0400] - userRoot: Finished indexing.
[26/May/2015:08:22:09 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:22:09 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:22:17 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[26/May/2015:08:22:17 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[26/May/2015:08:22:18 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[26/May/2015:08:22:18 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[26/May/2015:08:22:22 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:22 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:23 -0400] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:23 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:23 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:51 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:51 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:51 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:53 -0400] - slapd shutting down - signaling operation threads - op stack size 3 max work q size 1 max work q stack size 1
[26/May/2015:08:22:53 -0400] - slapd shutting down - waiting for 1 thread to terminate
[26/May/2015:08:22:53 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:22:53 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:22:54 -0400] - All database threads now stopped
[26/May/2015:08:22:54 -0400] - slapd shutting down - freed 1 work q stack objects - freed 3 op stack objects
[26/May/2015:08:22:54 -0400] - slapd stopped.
[26/May/2015:08:22:55 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[26/May/2015:08:22:55 -0400] - SSL alert: Configured NSS Ciphers
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:55 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[26/May/2015:08:22:56 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:22:56 -0400] - resizing db cache size: 2097152 -> 1677721
[26/May/2015:08:22:56 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:22:57 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:22:57 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:22:57 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/May/2015:08:22:57 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:22:57 -0400] attrcrypt - No symmetric key found for cipher AES in backend changelog, attempting to create one...
[26/May/2015:08:22:57 -0400] attrcrypt - Key for cipher AES successfully generated and stored
[26/May/2015:08:22:57 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend changelog, attempting to create one...
[26/May/2015:08:22:58 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored
[26/May/2015:08:22:59 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:22:59 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:22:59 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[26/May/2015:08:22:59 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:22:59 -0400] - slapd shutting down - signaling operation threads - op stack size 1 max work q size 1 max work q stack size 1
[26/May/2015:08:22:59 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:22:59 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:23:00 -0400] - All database threads now stopped
[26/May/2015:08:23:00 -0400] - slapd shutting down - freed 1 work q stack objects - freed 1 op stack objects
[26/May/2015:08:23:00 -0400] - slapd stopped.
[26/May/2015:08:23:01 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[26/May/2015:08:23:01 -0400] - SSL alert: Configured NSS Ciphers
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:01 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[26/May/2015:08:23:02 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:23:02 -0400] - resizing db cache size: 1677721 -> 1342176
[26/May/2015:08:23:03 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:23:03 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:23:03 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=dns,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:23:03 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/May/2015:08:23:03 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:23:04 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:23:04 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[26/May/2015:08:23:04 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:23:19 -0400] memberof-plugin - Memberof task starts (arg: (objectclass=*)) ...
[26/May/2015:08:23:21 -0400] memberof-plugin - Memberof task finished (arg: (objectclass=*)) ...
[26/May/2015:08:29:55 -0400] - slapd shutting down - signaling operation threads - op stack size 5 max work q size 2 max work q stack size 2
[26/May/2015:08:29:55 -0400] - slapd shutting down - waiting for 1 thread to terminate
[26/May/2015:08:29:55 -0400] - slapd shutting down - closing down internal subsystems and plugins
[26/May/2015:08:29:55 -0400] - Waiting for 4 database threads to stop
[26/May/2015:08:29:55 -0400] - All database threads now stopped
[26/May/2015:08:29:56 -0400] - slapd shutting down - freed 2 work q stack objects - freed 6 op stack objects
[26/May/2015:08:29:56 -0400] - slapd stopped.
[26/May/2015:08:29:57 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[26/May/2015:08:29:57 -0400] - SSL alert: Configured NSS Ciphers
[26/May/2015:08:29:57 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:29:57 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[26/May/2015:08:29:58 -0400] - 389-Directory/1.3.4.a1 B2015.070.423 starting up
[26/May/2015:08:29:58 -0400] - resizing db cache size: 1342176 -> 1073740
[26/May/2015:08:29:59 -0400] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pesen,dc=net
[26/May/2015:08:29:59 -0400] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pesen,dc=net
[26/May/2015:08:29:59 -0400] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=pesen,dc=net
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target ou=sudoers,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=users,cn=compat,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pesen,dc=net does not exist
[26/May/2015:08:29:59 -0400] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[26/May/2015:08:30:00 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pesen,dc=net--no CoS Templates found, which should be added before the CoS Definition.
[26/May/2015:08:30:00 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[26/May/2015:08:30:00 -0400] - Listening on All Interfaces port 636 for LDAPS requests
[26/May/2015:08:30:00 -0400] - Listening on /var/run/slapd-PESEN-NET.socket for LDAPI requests
[26/May/2015:08:30:01 -0400] - Entry "uid=admin,ou=people,o=ipaca" -- attribute "krbExtraData" not allowed
[26/May/2015:08:46:02 -0400] NSMMReplicationPlugin - agmt="cn=meToreplica1.pesen.net" (replica1:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[26/May/2015:08:46:03 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meToreplica1.pesen.net" (replica1:389)".
[26/May/2015:08:46:09 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=meToreplica1.pesen.net" (replica1:389)". Sent 382 entries.
[26/May/2015:08:46:11 -0400] ipa-topology-plugin - ipa_topo_util_modify: failed to modify entry (cn=meToreplica1.pesen.net,cn=replica,cn=dc\3Dpesen\2Cdc\3Dnet,cn=mapping tree,cn=config): error 53
[26/May/2015:08:46:17 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "20100614120000" remote server: "(null)".
[26/May/2015:08:46:38 -0400] NSMMReplicationPlugin - agmt="cn=meToreplica1.pesen.net" (replica1:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later.
[26/May/2015:08:46:41 -0400] NSMMReplicationPlugin - agmt="cn=meToreplica1.pesen.net" (replica1:389): Replication bind with SIMPLE auth resumed
[26/May/2015:08:47:42 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=masterAgreement1-replica1.pesen.net-pki-tomcat" (replica1:389)".
[26/May/2015:08:47:46 -0400] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=masterAgreement1-replica1.pesen.net-pki-tomcat" (replica1:389)". Sent 70 entries.
[26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "20100614120000" remote server: "(null)".
[26/May/2015:08:48:28 -0400] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: "20100614120000" remote server: "(null)".
[26/May/2015:09:06:42 -0400] NSMMReplicationPlugin - agmt_delete: begin
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Initiating CleanAllRUV Task...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Retrieving maxcsn...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Found maxcsn (55646baa000000030000)
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning rid (3)...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Waiting to process all the updates from the deleted replica...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be online...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to receive all the deleted replica updates...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Sending cleanAllRUV task to all the replicas...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Cleaning local ruv's...
[26/May/2015:09:06:43 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to be cleaned...
[26/May/2015:09:06:45 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Waiting for all the replicas to finish cleaning...
[26/May/2015:09:06:45 -0400] NSMMReplicationPlugin - CleanAllRUV Task: Successfully cleaned rid(3).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipareplica-install.log
Type: text/x-log
Size: 295485 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150526/67429dae/attachment.bin>
-------------- next part --------------
$ ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-replica1.pesen.net.gpg
Directory Manager (existing master) password:
Existing BIND configuration detected, overwrite? [no]: yes
Adding [192.168.122.233 replica1.pesen.net] to your /etc/hosts file
Using reverse zone(s) 122.168.192.in-addr.arpa.
Run connection check to master
Check connection from replica to remote master 'mymaster.pesen.net':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin at PESEN.NET password:
Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'replica1.pesen.net':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
Connection from master to replica is OK.
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/37]: creating directory server user
[2/37]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server ([Errno 2] No such file or directory). See the installation log for details.
[3/37]: adding default schema
[4/37]: enabling memberof plugin
[5/37]: enabling winsync plugin
[6/37]: configuring replication version plugin
[7/37]: enabling IPA enrollment plugin
[8/37]: enabling ldapi
[9/37]: configuring uniqueness plugin
[10/37]: configuring uuid plugin
[11/37]: configuring modrdn plugin
[12/37]: configuring DNS plugin
[13/37]: enabling entryUSN plugin
[14/37]: configuring lockout plugin
[15/37]: configuring topology plugin
[16/37]: creating indices
[17/37]: enabling referential integrity plugin
[18/37]: configuring ssl for ds instance
[19/37]: configuring certmap.conf
[20/37]: configure autobind for root
[21/37]: configure new location for managed entries
[22/37]: configure dirsrv ccache
[23/37]: enable SASL mapping fallback
[24/37]: restarting directory server
[25/37]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 6 seconds elapsed
Update succeeded
[26/37]: updating schema
[27/37]: setting Auto Member configuration
[28/37]: enabling S4U2Proxy delegation
[29/37]: importing CA certificates from LDAP
[30/37]: initializing group membership
[31/37]: adding master entry
[32/37]: initializing domain level
ipa : CRITICAL Failed to load domainlevel.ldif: Command ''/usr/bin/ldapmodify' '-v' '-f' '/tmp/tmplQ0cnE' '-H' 'ldap://replica1.pesen.net:389' '-x' '-D' 'cn=Directory Manager' '-y' '/tmp/tmpsdHRHh'' returned non-zero exit status 68
[33/37]: configuring Posix uid/gid generation
[34/37]: adding replication acis
[35/37]: enabling compatibility plugin
[36/37]: tuning directory server
[37/37]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
[1/21]: creating certificate server user
[2/21]: configuring certificate server instance
[3/21]: stopping certificate server instance to update CS.cfg
[4/21]: backing up CS.cfg
[5/21]: disabling nonces
[6/21]: set up CRL publishing
[7/21]: enable PKIX certificate path discovery and validation
[8/21]: starting certificate server instance
[9/21]: creating RA agent certificate database
[10/21]: importing CA chain to RA certificate database
[11/21]: fixing RA database permissions
[12/21]: setting up signing cert profile
[13/21]: set certificate subject base
[14/21]: enabling Subject Key Identifier
[15/21]: enabling Subject Alternative Name
[16/21]: enabling CRL and OCSP extensions for certificates
[17/21]: setting audit signing renewal to 2 years
[18/21]: configure certmonger for renewals
[19/21]: configure certificate renewals
[20/21]: configure Server-Cert certificate renewal
[21/21]: Configure HTTP to proxy connections
Done configuring certificate server (pki-tomcatd).
Restarting the directory and certificate servers
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
[1/8]: adding sasl mappings to the directory
[2/8]: configuring KDC
[3/8]: creating a keytab for the directory
[4/8]: creating a keytab for the machine
[5/8]: adding the password extension to the directory
[6/8]: enable GSSAPI for replication
[error] RuntimeError: One of the ldap service principals is missing. Replication agreement cannot be converted.
Replication error message: Unable to acquire replicaLDAP error: Local error
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
One of the ldap service principals is missing. Replication agreement cannot be converted.
Replication error message: Unable to acquire replicaLDAP error: Local error
More information about the Freeipa-devel
mailing list